Lucene search
Redhat.comRH:CVE-2017-14482HistorySep 15, 2017 - 7:48 a.m.
CVE-2017-14482
2017-09-1507:48:36
redhat.com
access.redhat.com
19
EPSS
0.031
Percentile
91.1%
A command injection flaw within the Emacs “enriched mode” handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user.
Mitigation
This issue can be mitigated by adding the following lines to the Emacs init file (for example ~/.emacs, ~/emacs.d/init.el, site-start.el) and avoiding options that would bypass normal initialization, like 'emacs -Q':
;; Mitigate CVE-2017-14482 in Emacs 25.2 and earlier
(require 'enriched)
(defun enriched-decode-display-prop (start end &optional param)
(list start end))
Related
fedora
fedora
[SECURITY] Fedora 25 Update: vips-8.4.4-1.fc25.1
2017-09-19 15:25:23
[SECURITY] Fedora 25 Update: rss-glx-0.9.1.p-27.fc25.1
2017-09-19 15:25:20
[SECURITY] Fedora 25 Update: perl-Image-SubImageFind-0.03-13.fc25
2017-09-19 15:25:17
nessus
nessus
Fedora 26 : 1:emacs (2017-a1dc0ef38c)
2017-09-14 00:00:00
Debian DLA-1101-1 : emacs23 security update
2017-09-22 00:00:00
Debian DSA-3970-1 : emacs24 - security update
2017-09-13 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3975-1)
2017-09-14 00:00:00
Ubuntu: Security Advisory (USN-3428-1)
2018-10-26 00:00:00
Fedora Update for rss-glx FEDORA-2017-3a568adb31
2017-09-20 00:00:00
suse
suse
Security update for emacs (important)
2017-09-21 03:07:15
Security update for emacs (important)
2017-09-20 15:08:02
Security update for emacs (important)
2017-09-20 18:09:19
ubuntu
ubuntu
Emacs vulnerability
2017-09-21 00:00:00
Emacs vulnerability
2017-09-21 00:00:00
canvas
canvas
Immunity Canvas: EMACS_ENRICHED
2017-09-14 16:29:00
debian
debian
[SECURITY] [DLA 1101-1] emacs23 security update
2017-09-21 19:50:29
[SECURITY] [DSA 3975-1] emacs25 security update
2017-09-15 21:21:38
debiancve
debiancve
CVE-2017-14482
2017-09-14 16:29:00
gentoo
gentoo
GNU Emacs: Command injection
2018-01-07 00:00:00
osv
osv
CVE-2017-14482
2017-09-14 16:29:00
emacs24 - security update
2017-09-12 00:00:00
emacs25 - security update
2017-09-15 00:00:00
amazon
amazon
Important: emacs
2017-10-12 20:38:00
ubuntucve
ubuntucve
CVE-2017-14482
2017-09-14 00:00:00
nvd
nvd
CVE-2017-14482
2017-09-14 16:29:00
oraclelinux
oraclelinux
emacs security update
2017-09-19 00:00:00
mageia
mageia
Updated emacs packages fix security vulnerability
2017-12-31 03:10:15
cvelist
cvelist
CVE-2017-14482
2017-09-14 16:00:00
centos
centos
emacs security update
2017-09-20 12:06:23
redhat
redhat
(RHSA-2017:2771) Important: emacs security update
2017-09-19 17:47:10
ibm
ibm
Security Bulletin: A vulnerability in emacs affects PowerKVM
2018-06-18 01:38:34
prion
prion
Design/Logic Flaw
2017-09-14 16:29:00
cve
cve
CVE-2017-14482
2017-09-14 16:29:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1828
2021-07-02 16:39:27