Vulnerability CVE-2007-2833

Vulnerability Name:

CVE-2007-2833 (CCN-35143)

Assigned:

2007-01-29

Published:

2007-01-29

Updated:

2008-09-05

Summary:

Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: GNU FTP site
FTP site

Source: CCN
Type: Debian Bug report logs - #408929
emacs21: crash on spam

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=408929

Source: MITRE
Type: CNA
CVE-2007-2833

Source: SECUNIA
Type: UNKNOWN
26987

Source: CCN
Type: SECTRACK ID: 1018277
GNU Emacs Lets Remote Users Deny Service

Source: DEBIAN
Type: UNKNOWN
DSA-1316

Source: DEBIAN
Type: DSA-1316
emacs21 -- denial of service

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:133

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:019

Source: CCN
Type: OSVDB ID: 37512
GNU Emacs vm Mode GIF Handling DoS

Source: BID
Type: UNKNOWN
24570

Source: CCN
Type: BID-24570
GNU Emacs Image Processing Remote Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018277

Source: CCN
Type: USN-504-1
Emacs vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-504-1

Source: XF
Type: UNKNOWN
emacs-image-dos(35143)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1490

Source: SUSE
Type: SUSE-SR:2007:019
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:arm:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:mips:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*

AND

cpe:/a:gnu:emacs:21:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:emacs:21:*:*:*:*:*:*:*

AND

cpe:/o:suse:suse_linux:*:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20072833	V	CVE-2007-2833	2015-11-16
oval:org.mitre.oval:def:16922	P	USN-504-1 -- emacs21 vulnerability	2014-06-30
oval:org.mitre.oval:def:18511	P	DSA-1316-1 emacs21	2014-06-23
oval:org.debian:def:1316	V	denial of service	2007-06-21

BACK