CVE-2007-6109
emacs22 - buffer overflow
EPSS 3.0%
Description
Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.
How to fix CVE-2007-6109
To remediate CVE-2007-6109, upgrade the affected package to a fixed version below.
- Debian/emacs21—upgrade to 21.4a+1-5.1+lenny1 or later
- Debian/emacs22—upgrade to 22.1+1-2.1+lenny1 or later
- —upgrade to 21.4.21-4 or later
Is CVE-2007-6109 being exploited?
Low — EPSS is 3.0%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 21.4a+1-5.1+lenny1
- from 0, < 22.1+1-2.1+lenny1
- from 0, < 21.4.21-4