INFCSA-2024:9302: Emacs security update
Information about definition
Identificator: INFCSA-2024:9302
Type: security
Release date: 2025-09-24 19:23:24 UTC
Information about package
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.
Vulnerabilities description
- CVE-2024-30203
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
- CVE-2024-30204
A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.
- CVE-2024-30205
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-30203
|
no information | 5.5 | no information |
|
NIST — CVE-2024-30204
|
no information | 5.5 | no information |
|
NIST — CVE-2024-30205
|
no information | 7.8 | no information |
Updated packages
Preparing to download...