Vulnerability in Gnu Emacs

CVE-2014-3423

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.

EPSS: 0.001 (30.1th percentile) — read the EPSS interpretation.

Affected products

Gnu Emacs — versions 20.0, 20.1, 20.2
Mageia_project Mageia — versions 3, 4
N/a — versions n/a

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs (mailing-list, x_refsource_MLIST)
[emacs-diffs] 20140506 emacs-24 r117068: browse-url.el comment (mailing-list, x_refsource_MLIST)
MDVSA-2015:117 (vendor-advisory, x_refsource_MANDRIVA)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_MISC)