CVE-2007-2833

Summary

CVE	CVE-2007-2833
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-06-21 20:30:00 UTC
Updated	2008-09-05 21:24:00 UTC
Description	Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	4.0	All	alpha	All
Operating System	Debian	Debian Linux	4.0	All	amd64	All
Operating System	Debian	Debian Linux	4.0	All	arm	All
Operating System	Debian	Debian Linux	4.0	All	hppa	All
Operating System	Debian	Debian Linux	4.0	All	ia-32	All
Operating System	Debian	Debian Linux	4.0	All	ia-64	All
Operating System	Debian	Debian Linux	4.0	All	m68k	All
Operating System	Debian	Debian Linux	4.0	All	mips	All
Operating System	Debian	Debian Linux	4.0	All	mipsel	All
Operating System	Debian	Debian Linux	4.0	All	powerpc	All
Operating System	Debian	Debian Linux	4.0	All	s-390	All
Operating System	Debian	Debian Linux	4.0	All	sparc	All
Operating System	Debian	Debian Linux	4.0	All	alpha	All
Operating System	Debian	Debian Linux	4.0	All	amd64	All
Operating System	Debian	Debian Linux	4.0	All	arm	All
Operating System	Debian	Debian Linux	4.0	All	hppa	All
Operating System	Debian	Debian Linux	4.0	All	ia-32	All
Operating System	Debian	Debian Linux	4.0	All	ia-64	All
Operating System	Debian	Debian Linux	4.0	All	m68k	All
Operating System	Debian	Debian Linux	4.0	All	mips	All
Operating System	Debian	Debian Linux	4.0	All	mipsel	All
Operating System	Debian	Debian Linux	4.0	All	powerpc	All
Operating System	Debian	Debian Linux	4.0	All	s-390	All
Operating System	Debian	Debian Linux	4.0	All	sparc	All
Application	Gnu	Emacs	21	All	All	All
Application	Gnu	Emacs	21	All	All	All
Operating System	Mandrakesoft	Mandrake Linux	2007	All	All	All
Operating System	Mandrakesoft	Mandrake Linux	2007	All	x86_64	All
Operating System	Mandrakesoft	Mandrake Linux	2007.1	All	x86_64	All
Operating System	Mandrakesoft	Mandrake Linux	2007	All	All	All
Operating System	Mandrakesoft	Mandrake Linux	2007	All	x86_64	All
Operating System	Mandrakesoft	Mandrake Linux	2007.1	All	x86_64	All
Operating System	Mandrakesoft	Mandrake Linux Corporate Server	3.0	All	All	All
Operating System	Mandrakesoft	Mandrake Linux Corporate Server	3.0	All	x86_64	All
Operating System	Mandrakesoft	Mandrake Linux Corporate Server	4.0	All	All	All
Operating System	Mandrakesoft	Mandrake Linux Corporate Server	4.0	All	x86_64	All
Operating System	Mandrakesoft	Mandrake Linux Corporate Server	3.0	All	All	All
Operating System	Mandrakesoft	Mandrake Linux Corporate Server	3.0	All	x86_64	All
Operating System	Mandrakesoft	Mandrake Linux Corporate Server	4.0	All	All	All
Operating System	Mandrakesoft	Mandrake Linux Corporate Server	4.0	All	x86_64	All

References

Reference	Source	Link	Tags
USN-504-1: Emacs vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
SUSE Update for Multiple Packages - Advisories - Secunia	SECUNIA	secunia.com
Security Announcement	SUSE	www.novell.com
Debian -- Security Information -- DSA-1316-1 emacs21	DEBIAN	www.debian.org
#408929 - emacs21: crash on spam - Debian Bug report logs	CONFIRM	bugs.debian.org
GNU Emacs Lets Remote Users Deny Service - SecurityTracker	SECTRACK	www.securitytracker.com
Advisories - Mandriva Linux	MANDRIVA	www.mandriva.com
GNU Emacs Image Processing Remote Denial of Service Vulnerability	BID	www.securityfocus.com
issues.rpath.com/browse/RPL-1490	CONFIRM	issues.rpath.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2007-06-26	Mark J Cox	Red Hat does not consider a user-assisted crash of a user application such as Emacs to be a security issue.

There are currently no legacy QID mappings associated with this CVE.