ID CVE-2007-2833
Summary Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
References
Vulnerable Configurations
  • MandrakeSoft Mandrake Linux 2007.0
    cpe:2.3:o:mandrakesoft:mandrake_linux:2007
  • cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:-:x86_64
  • cpe:2.3:o:mandrakesoft:mandrake_linux:2007:-:x86_64
  • MandrakeSoft Mandrake Corporate Server 3.0
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:-:x86_64
  • MandrakeSoft Mandrake Corporate Server 4.0
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:-:x86_64
  • cpe:2.3:o:debian:debian_linux:4.0:-:alpha
  • cpe:2.3:o:debian:debian_linux:4.0:-:amd64
  • cpe:2.3:o:debian:debian_linux:4.0:-:arm
  • cpe:2.3:o:debian:debian_linux:4.0:-:hppa
  • cpe:2.3:o:debian:debian_linux:4.0:-:ia-32
  • cpe:2.3:o:debian:debian_linux:4.0:-:ia-64
  • cpe:2.3:o:debian:debian_linux:4.0:-:m68k
  • cpe:2.3:o:debian:debian_linux:4.0:-:mips
  • cpe:2.3:o:debian:debian_linux:4.0:-:mipsel
  • cpe:2.3:o:debian:debian_linux:4.0:-:powerpc
  • cpe:2.3:o:debian:debian_linux:4.0:-:s-390
  • cpe:2.3:o:debian:debian_linux:4.0:-:sparc
  • GNU Emacs 21
    cpe:2.3:a:gnu:emacs:21
CVSS
Base: 7.8 (as of 25-06-2007 - 19:29)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1316.NASL
    description It has been discovered that emacs, the GNU Emacs editor, will crash when processing certain types of images.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25582
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25582
    title Debian DSA-1316-1 : emacs21 - denial of service
  • NASL family SuSE Local Security Checks
    NASL id SUSE_EMACS-4197.NASL
    description This update fixes a bug in parsing GIF images that leads to a crash of emacs. (CVE-2007-2833)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27204
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27204
    title openSUSE 10 Security Update : emacs (emacs-4197)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_EMACS-4190.NASL
    description This update fixes a bug in parsing GIF images that leads to a crash of emacs. (CVE-2007-2833)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29416
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29416
    title SuSE 10 Security Update : GNU Emacs (ZYPP Patch Number 4190)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-504-1.NASL
    description Hendrik Tews discovered that emacs21 did not correctly handle certain GIF images. By tricking a user into opening a specially crafted GIF, a remote attacker could cause emacs21 to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28108
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28108
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : emacs21 vulnerability (USN-504-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-133.NASL
    description A vulnerability in emacs was discovered where it would crash when processing certain types of images. Updated packages have been patched to prevent this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25599
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25599
    title Mandrake Linux Security Advisory : emacs (MDKSA-2007:133)
refmap via4
bid 24570
confirm
debian DSA-1316
mandriva MDKSA-2007:133
sectrack 1018277
secunia 26987
suse SUSE-SR:2007:019
ubuntu USN-504-1
statements via4
contributor Mark J Cox
lastmodified 2007-06-26
organization Red Hat
statement Red Hat does not consider a user-assisted crash of a user application such as Emacs to be a security issue.
Last major update 05-09-2008 - 17:24
Published 21-06-2007 - 16:30