ID CVE-2007-2833
Summary Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 05-09-2008 - 21:24)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid 24570
confirm
debian DSA-1316
mandriva MDKSA-2007:133
sectrack 1018277
secunia 26987
suse SUSE-SR:2007:019
ubuntu USN-504-1
statements via4
contributor Mark J Cox
lastmodified 2007-06-26
organization Red Hat
statement Red Hat does not consider a user-assisted crash of a user application such as Emacs to be a security issue.
Last major update 05-09-2008 - 21:24
Published 21-06-2007 - 20:30
Last modified 05-09-2008 - 21:24