Vulnerability in Gnu Emacs
CVE-2012-3479
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs L…
EPSS: 0.023 (85.0th percentile) — read the EPSS interpretation.
Affected products
- Gnu Emacs — versions 23.2, 23.3, 23.4
- N/a — versions n/a
References
- SSA:2012-228-02 (vendor-advisory, x_refsource_SLACKWARE)
- secalert@redhat.com (x_refsource_CONFIRM)
- openSUSE-SU-2012:1348 (vendor-advisory, x_refsource_SUSE)
- 50801 (x_refsource_SECUNIA, third-party-advisory)
- [oss-security] 20120812 Re: Security flaw in GNU Emacs file-local variables (mailing-list, x_refsource_MLIST)
- USN-1586-1 (x_refsource_UBUNTU, vendor-advisory)
- 54969 (vdb-entry, x_refsource_BID)
- 1027375 (vdb-entry, x_refsource_SECTRACK)
- [oss-security] 20120813 Security flaw in GNU Emacs file-local variables (mailing-list, x_refsource_MLIST, Patch)
- 50157 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)