Vulnerabilities > GNU > Emacs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-12-07 | CVE-2007-6109 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Emacs Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line. | 10.0 |
| 2007-11-02 | CVE-2007-5795 | Local Variable Handling Code Execution vulnerability in GNU Emacs The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. | 6.3 |
| 2007-06-21 | CVE-2007-2833 | Remote Denial of Service vulnerability in GNU Emacs Image Processing Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. | 7.8 |
| 2005-02-07 | CVE-2005-0100 | Remote Format String vulnerability in GNU Emacs and Xemacs Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. | 7.5 |
| 2003-12-31 | CVE-2003-1232 | Local Variable Arbitrary Command Execution vulnerability in GNU Emacs 21.2.1 Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable. | 5.1 |
| 2001-08-07 | CVE-2001-1301 | Local Security vulnerability in Xemacs rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file. | 1.2 |