Vulnerability Details : CVE-2007-2833
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
Vulnerability category: Denial of service
Products affected by CVE-2007-2833
Each CPE below is listed when used together with: Mandrakesoft » Mandrake Linux Corporate Server » Version: 3.0 X86 64 Edition, and Mandrakesoft » Mandrake Linux Corporate Server » Version: 4.0 X86 64 Edition.
- cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-2833
- EPSS score: 10.20% (probability of exploitation activity in the next 30 days)
- Percentile: ~95% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-2833
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
Vendor statements for CVE-2007-2833
- Red Hat (2007-06-26): Red Hat does not consider a user-assisted crash of a user application such as Emacs to be a security issue.
References for CVE-2007-2833
- http://www.novell.com/linux/security/advisories/2007_19_sr.html
- http://www.ubuntu.com/usn/usn-504-1
- http://www.debian.org/security/2007/dsa-1316
- http://www.securitytracker.com/id?1018277
- https://issues.rpath.com/browse/RPL-1490
- http://www.securityfocus.com/bid/24570
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:133
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=408929