CVE-2007-6109

NameCVE-2007-6109
DescriptionStack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDTSA-98-1, DTSA-99-1
Debian Bugs455432, 455433, 457764

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xemacs21 (PTS)buster21.4.24-8fixed
bullseye21.4.24-9fixed
bookworm21.4.24-11fixed
sid, trixie21.4.24-12fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
emacs21sourcelenny21.4a+1-5.1+lenny1DTSA-98-1
emacs21source(unstable)21.4a+1-5.2455433
emacs22sourcelenny22.1+1-2.1+lenny1DTSA-99-1
emacs22source(unstable)22.1+1-2.2455432
xemacs21source(unstable)21.4.21-4457764

Notes

[etch] - emacs21 <no-dsa> (Minor issue, .el scripts opened need to be trusted)
[etch] - xemacs21 <no-dsa> (Minor issue, .el scripts opened need to be trusted)
Search for package or bug name: Reporting problems