Vulnerability Description
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
CVSS Score
2.8
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Emacs | < 29.3 |
| Gnu | Org Mode | < 9.6.23 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/03/25/2Mailing List
- http://www.openwall.com/lists/oss-security/2024/04/08/3Mailing List
- http://www.openwall.com/lists/oss-security/2024/04/08/4Mailing List
- http://www.openwall.com/lists/oss-security/2024/04/08/6Mailing List
- http://www.openwall.com/lists/oss-security/2024/04/08/7Mailing List
- http://www.openwall.com/lists/oss-security/2024/04/10/3Mailing List
- http://www.openwall.com/lists/oss-security/2024/04/10/4Mailing List
- http://www.openwall.com/lists/oss-security/2024/04/10/5Mailing List
- http://www.openwall.com/lists/oss-security/2024/04/10/6Mailing List
- http://www.openwall.com/lists/oss-security/2024/04/11/4Mailing List
- https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=6f9ea396f49cbePatch
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29Release Notes
- https://lists.debian.org/debian-lts-announce/2024/04/msg00023.htmlMailing List
- https://lists.debian.org/debian-lts-announce/2024/04/msg00024.htmlMailing List
- http://www.openwall.com/lists/oss-security/2024/03/25/2Mailing List
FAQ
What is CVE-2024-30204?
CVE-2024-30204 is a vulnerability with a CVSS score of 2.8 (LOW). In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
How severe is CVE-2024-30204?
CVE-2024-30204 has been rated LOW with a CVSS base score of 2.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-30204?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Emacs, Gnu Org Mode, Debian Debian Linux.