FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

emacs -- enriched text remote code execution vulnerability

Affected packages
emacs-nox11 < 25.3,3
emacs25 < 25.3,3
emacs-devel < 26.0.50.20170912,2

Details

VuXML ID 47e2e52c-975c-11e7-942d-5404a68a61a2
Discovery 2017-09-04
Entry 2017-09-12
Modified 2017-09-13

Paul Eggert reports:

Charles A. Roelli has found a security flaw in the enriched mode in GNU Emacs.

When Emacs renders MIME text/enriched data (Internet RFC 1896), it is vulnerable to arbitrary code execution. Since Emacs-based mail clients decode "Content-Type: text/enriched", this code is exploitable remotely. This bug affects GNU Emacs versions 19.29 through 25.2.

References

URL http://seclists.org/oss-sec/2017/q3/422
URL https://bugs.gnu.org/28350