Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.

This update fixes a bug in parsing GIF images that lead to a crash of emacs. (CVE-2007-2833)

Hendrik Tews discovered that emacs21 did not correctly handle certain GIF images. By tricking a user into opening a specially crafted GIF, a remote attacker could cause emacs21 to crash, resulting in a denial of service.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A vulnerability in emacs was discovered where it would crash when processing certain types of images.

Updated packages have been patched to prevent this issue.

It has been discovered that emacs, the GNU Emacs editor, will crash when processing certain types of images.

ID	Name	Product	Family	Severity
29416	SuSE 10 Security Update : GNU Emacs (ZYPP Patch Number 4190)	Nessus	SuSE Local Security Checks	high
28108	Ubuntu 6.06 LTS / 6.10 / 7.04 : emacs21 vulnerability (USN-504-1)	Nessus	Ubuntu Local Security Checks	high
27204	openSUSE 10 Security Update : emacs (emacs-4197)	Nessus	SuSE Local Security Checks	high
25599	Mandrake Linux Security Advisory : emacs (MDKSA-2007:133)	Nessus	Mandriva Local Security Checks	high
25582	Debian DSA-1316-1 : emacs21 - denial of service	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2007-2833

medium

Tenable Plugins

high

high

high

high

high