Vulnerability Details : CVE-2007-6109
Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2007-6109
- cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-6109
1.45%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-6109
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2007-6109
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2007-6109
-
Red Hat 2007-12-11Red Hat does not consider this issue to be a security vulnerability since no trust boundary is crossed. The user must voluntarily interact with the attack mechanism to exploit this flaw, with the result being the ability to run code as themselves.
References for CVE-2007-6109
-
http://www.novell.com/linux/security/advisories/2007_25_sr.html
404 Page Not Found | SUSE
-
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
-
http://bugs.gentoo.org/show_bug.cgi?id=200297
200297 – (CVE-2007-6109) app-editors/emacs < 22.1-r3 Buffer overflow in format function (CVE-2007-6109)
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:034
Mandriva
-
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
[security-announce] SUSE Security Summary Report SUSE-SR:2008:003 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://docs.info.apple.com/article.html?artnum=307562
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/38904
GNU emacs unspecified buffer overflow CVE-2007-6109 Vulnerability Report
-
https://usn.ubuntu.com/607-1/
404: Page not found | Ubuntu
-
http://security.gentoo.org/glsa/glsa-200712-03.xml
GNU Emacs: Multiple vulnerabilities (GLSA 200712-03) — Gentoo security
-
http://www.vupen.com/english/advisories/2008/0924/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Jump to