PT-2007-6761 · Gnu · Emacs
Published: 2007-11-02 · Updated: 2024-06-15 · CVE-2007-5795
CVSS v2.0: 6.3 (Medium)
Vector: AV:L/AC:M/Au:N/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Emacs versions prior to 22.2
Description
The issue concerns the hack-local-variables function, which does not properly search lists of unsafe or risky variables when enable-local-variables is set to :safe. This could allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
Recommendations
For Emacs versions prior to 22.2, update to version 22.2 or later to resolve the issue.
Affected Products
Emacs