A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial of service (DoS) or potentially information disclosure.
CVSS Score
6.1
EPSS Score
0.001
Published
2026-04-22
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)
CVSS Score
7.8
EPSS Score
0.005
Published
2024-11-27
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
CVSS Score
9.8
EPSS Score
0.013
Published
2024-06-23
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
CVSS Score
7.8
EPSS Score
0.011
Published
2024-03-25
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
CVSS Score
5.5
EPSS Score
0.006
Published
2024-03-25
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
CVSS Score
2.8
EPSS Score
0.005
Published
2024-03-25
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
CVSS Score
7.1
EPSS Score
0.005
Published
2024-03-25
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
CVSS Score
7.8
EPSS Score
0.005
Published
2023-03-09
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90
CVSS Score
7.8
EPSS Score
0.011
Published
2023-03-09
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.
CVSS Score
9.8
EPSS Score
0.016
Published
2023-02-20
Page 1