Gnu Emacs vulnerabilities

CVE-2025-1244 [HIGH] CVE-2025-1244: A command injection flaw was found in the text editor Emacs A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

CVE-2024-53920 [HIGH] CWE-94 CVE-2024-53920: In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (f In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrus

CVE-2024-39331 [CRITICAL] CWE-94 CVE-2024-39331: In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

CVE-2024-30205 [HIGH] CWE-494 CVE-2024-30205: In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mo In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

CVE-2024-30202 [HIGH] CWE-94 CVE-2024-30202: In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.

CVE-2024-30203 [MEDIUM] CVE-2024-30203: In Emacs before 29.3, Gnus treats inline MIME contents as trusted. In Emacs before 29.3, Gnus treats inline MIME contents as trusted.

CVE-2024-30204 [LOW] CWE-276 CVE-2024-30204: In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.

CVE-2023-2491 [HIGH] CWE-77 CVE-2023-2491: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "or A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

CVE-2023-28617 [HIGH] CVE-2023-28617: org-babel-execute:latex in ob-latex org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

CVE-2023-27986 [HIGH] CWE-94 CVE-2023-27986: emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections thro emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.

CVE-2023-27985 [HIGH] CWE-78 CVE-2023-27985: emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections throug emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90

CVE-2022-48337 [CRITICAL] CWE-78 CVE-2022-48337: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current w

CVE-2022-48338 [HIGH] CWE-77 CVE-2022-48338: An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file funct An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameter

CVE-2022-48339 [HIGH] CWE-116 CVE-2022-48339: An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerabil An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.

CVE-2022-45939 [HIGH] CWE-78 CVE-2022-45939: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working

CVE-2017-1000383 [MEDIUM] CWE-200 CVE-2017-1000383: GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.

CVE-2017-14482 [HIGH] CVE-2017-14482: GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Cont GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in li

CVE-2014-9483 [HIGH] CWE-200 CVE-2014-9483: Emacs 24.4 allows remote attackers to bypass security restrictions. Emacs 24.4 allows remote attackers to bypass security restrictions.

CVE-2014-3422 [LOW] CWE-59 CVE-2014-3422: lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary f lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.

CVE-2014-3423 [LOW] CWE-59 CVE-2014-3423: lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.