CVE-2014-3421

NONE
Published May 8, 201412y ago · Modified Jun 17, 20262w ago
Find Similar
Published May 8, 2014 12y ago
Last Modified Jun 17, 2026 2w ago

Description

lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-59

Affected Products 27

VendorProductVersionRange
mageia_projectmageia3any
mageia_projectmageia4any
gnuemacs* ≤24.3
gnuemacs20.0any
gnuemacs20.1any
gnuemacs20.2any
gnuemacs20.3any
gnuemacs20.4any
gnuemacs20.5any
gnuemacs20.6any
gnuemacs20.7any
gnuemacs21any
gnuemacs21.1any
gnuemacs21.2any
gnuemacs21.2.1any
gnuemacs21.3any
gnuemacs21.3.1any
gnuemacs21.4any
gnuemacs22.1any
gnuemacs22.2any
gnuemacs22.3any
gnuemacs23.1any
gnuemacs23.2any
gnuemacs23.3any
gnuemacs23.4any
gnuemacs24.1any
gnuemacs24.2any

References 5

  • advisories.mageia.org http://advisories.mageia.org/MGASA-2014-0250.html
  • debbugs.gnu.org http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8
  • lists.gnu.org http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html
  • openwall.com http://openwall.com/lists/oss-security/2014/05/07/7
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:117

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.