Gnu Emacs
12 CVEs affecting Gnu Emacs. Latest disclosed: 2026-04-22. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-14482 | High | 8.8 | 2017-09-14 | GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML e… |
CVE-2014-9483 | High | 7.5 | 2017-08-28 | Emacs 24.4 allows remote attackers to bypass security restrictions. |
CVE-2026-6861 | Medium | 6.1 | 2026-04-22 | A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS… |
CVE-2017-1000383 | Medium | 5.5 | 2017-10-31 | GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may b… |
CVE-2014-3424 | | 2014-05-08 | lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. | |
CVE-2014-3423 | | 2014-05-08 | lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. | |
CVE-2014-3422 | | 2014-05-08 | lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/es… | |
CVE-2014-3421 | | 2014-05-08 | lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary fi… | |
CVE-2012-1103 | | 2012-09-25 | emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML ta… | |
CVE-2012-3479 | | 2012-08-25 | lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to… | |
CVE-2012-0035 | | 2012-01-19 | Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges vi… | |
CVE-2010-0825 | | 2010-04-05 | lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improp… |