CVE-2017-14482

Name: CVE-2017-14482
Description: GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-1101-1, DSA-3970-1, DSA-3975-1
NVD severity: medium (attack range: remote)
Debian Bugs: 875447, 875448, 875449

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| emacs23 (PTS) | wheezy | 23.4+1-4 | vulnerable |
| emacs23 | wheezy (security) | 23.4+1-4+deb7u1 | fixed |
| emacs24 (PTS) | jessie | 24.4+1-5 | vulnerable |
| emacs24 | jessie (security) | 24.4+1-5+deb8u1 | fixed |
| emacs24 | stretch (security), stretch | 24.5+1-11+deb9u1 | fixed |
| emacs25 (PTS) | stretch (security), stretch | 25.1+1-4+deb9u1 | fixed |
| emacs25 | buster, sid | 25.2+1-6 | fixed |

The information below is based on the following data on fixed versions.

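| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| emacs23 | source | (unstable) | (unfixed) | medium | | 875449 |
| emacs23 | source | wheezy | 23.4+1-4+deb7u1 | medium | DLA-1101-1 | |
| emacs24 | source | (unstable) | (unfixed) | medium | | 875448 |
| emacs24 | source | jessie | 24.4+1-5+deb8u1 | medium | DSA-3970-1 | |
| emacs24 | source | stretch | 24.5+1-11+deb9u1 | medium | DSA-3970-1 | |
| emacs25 | source | (unstable) | 25.2+1-6 | medium | | 875447 |
| emacs25 | source | stretch | 25.1+1-4+deb9u1 | medium | DSA-3975-1 | |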

Notes

http://www.openwall.com/lists/oss-security/2017/09/11/1
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
