Showing 1 - 4 of 4

CVE-2022-48339

Status Candidate

Overview

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.

Related Files

Red Hat Security Advisory 2023-3481-01: Posted Jun 7, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-3481-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.; tags | advisory, code execution; systems | linux, redhat; advisories | CVE-2022-48339; SHA-256 | ce873579913e68d504471040ff154a376c9b46704c05b74f68d9c6d71f1554ae; Download | Favorite | View

Red Hat Security Advisory 2023-2626-01: Posted May 9, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-2626-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.; tags | advisory, code execution; systems | linux, redhat; advisories | CVE-2022-48337, CVE-2022-48338, CVE-2022-48339, CVE-2023-2491; SHA-256 | 8e347e252bc4e31d4f8993ab4abd1a1c3adc3901f361d93686442f4682770896; Download | Favorite | View

Ubuntu Security Notice USN-5955-1: Posted Mar 16, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5955-1 - It was discovered that Emacs did not properly manage certain files when using htmlfontify functionality. A local attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary commands.; tags | advisory, denial of service, arbitrary, local; systems | linux, ubuntu; advisories | CVE-2022-48339; SHA-256 | 3e5afaf10660a14b4806e0904ed1caa4be875fa6f629208eb6a34f05e9c17b4b; Download | Favorite | View

Debian Security Advisory 5360-1: Posted Feb 24, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5360-1 - Xi Lu discovered that missing input sanitising in Emacs (in etags, the Ruby mode and htmlfontify) could result in the execution of arbitrary shell commands.; tags | advisory, arbitrary, shell, ruby; systems | linux, debian; advisories | CVE-2022-48337, CVE-2022-48338, CVE-2022-48339; SHA-256 | 82d11ef9e76f7318d8a66038c6614675b087dfdc2b8d50aad0fe55d3dd74b5c7; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 61 files
Debian 34 files
Gentoo 32 files
LiquidWorm 10 files
nu11secur1ty 7 files
malvuln 5 files
Adam Gowdiak 4 files
liquidsky 3 files
kai6u 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,038)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,580)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,745)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,490)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

CVE-2022-48339

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems