PT-2012-4747 · Gnu · Emacs

Paul Ling

Published

2012-08-25

Updated

2013-12-13

CVE-2012-3479

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Emacs versions 23.2 through 24.1

Description The issue allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file, due to the automatic execution of eval forms in local-variable sections when the enable-local-variables option is set to :safe.

Recommendations For Emacs versions 23.2 through 24.1, consider disabling the automatic execution of eval forms in local-variable sections by setting the enable-local-variables option to a more restrictive value until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2012-3479

DSA-2603-1

Affected Products

Emacs

PT-2012-4747 · Gnu · Emacs

CVE-2012-3479

Related Identifiers

Affected Products

References · 13