Fluid Attacks Database

Description

A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial of service (DoS) or potentially information disclosure.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	emacs	=1:30.1+1-6 \|\| =1:30.1+1-7 \|\| =1:30.1+1-8 \|\| =1:30.1+1-9 \|\| =1:30.2+1-1 \|\| =1:30.2+1-2 \|\| >=0 <1:30.2+1-3	1:30.2+1-3
debian 12	emacs	=1:28.2+1-15 \|\| =1:28.2+1-15+deb12u1 \|\| =1:28.2+1-15+deb12u2 \|\| =1:28.2+1-15+deb12u3 \|\| =1:28.2+1-15+deb12u4 \|\| =1:28.2+1-16 \|\| =1:29.1+1-1 \|\| =1:29.1+1-2 \|\| =1:29.1+1-3 \|\| =1:29.1+1-4 \|\| =1:29.1+1-5 \|\| =1:29.1+1-5~bpo12+1 \|\| =1:29.2+1-1 \|\| =1:29.2+1-2 \|\| =1:29.2+1-2~bpo12+1 \|\| =1:29.3+1-1 \|\| =1:29.3+1-2 \|\| =1:29.3+1-2~bpo12+1 \|\| =1:29.3+1-3 \|\| =1:29.3+1-3~bpo12+1 \|\| =1:29.4+1-1 \|\| =1:29.4+1-2 \|\| =1:29.4+1-2~bpo12+1 \|\| =1:29.4+1-3 \|\| =1:29.4+1-4 \|\| =1:29.4+1-4~bpo12+1 \|\| =1:29.4+1-5 \|\| =1:29.4+1-6 \|\| =1:29.4+1-6+alpha \|\| =1:30.1+1-1 \|\| =1:30.1+1-2 \|\| =1:30.1+1-3 \|\| =1:30.1+1-3~bpo12+1 \|\| =1:30.1+1-4 \|\| =1:30.1+1-4~bpo12+1 \|\| =1:30.1+1-5 \|\| =1:30.1+1-5~bpo12+1 \|\| =1:30.1+1-6 \|\| =1:30.1+1-6~bpo12+1 \|\| =1:30.1+1-7 \|\| =1:30.1+1-8 \|\| =1:30.1+1-9 \|\| =1:30.2+1-1 \|\| =1:30.2+1-2 \|\| =1:30.2+1-3	-
debian 11	emacs	=1:27.1+1-3.1 \|\| =1:27.1+1-3.1+deb11u1 \|\| =1:27.1+1-3.1+deb11u2 \|\| =1:27.1+1-3.1+deb11u3 \|\| =1:27.1+1-3.1+deb11u4 \|\| =1:27.1+1-3.1+deb11u5 \|\| =1:27.1+1-3.1+deb11u6 \|\| =1:28.1+1-1 \|\| =1:28.1+1-2 \|\| =1:28.1+1-2+m68k \|\| =1:28.1+1-3 \|\| =1:28.1+1-4 \|\| =1:28.2+1-1 \|\| =1:28.2+1-10 \|\| =1:28.2+1-11 \|\| =1:28.2+1-12 \|\| =1:28.2+1-13 \|\| =1:28.2+1-14 \|\| =1:28.2+1-15 \|\| =1:28.2+1-16 \|\| =1:28.2+1-2 \|\| =1:28.2+1-3 \|\| =1:28.2+1-4 \|\| =1:28.2+1-5 \|\| =1:28.2+1-6 \|\| =1:28.2+1-7 \|\| =1:28.2+1-8 \|\| =1:28.2+1-9 \|\| =1:29.1+1-1 \|\| =1:29.1+1-2 \|\| =1:29.1+1-3 \|\| =1:29.1+1-4 \|\| =1:29.1+1-5 \|\| =1:29.1+1-5~bpo12+1 \|\| =1:29.2+1-1 \|\| =1:29.2+1-2 \|\| =1:29.2+1-2~bpo12+1 \|\| =1:29.3+1-1 \|\| =1:29.3+1-2 \|\| =1:29.3+1-2~bpo12+1 \|\| =1:29.3+1-3 \|\| =1:29.3+1-3~bpo12+1 \|\| =1:29.4+1-1 \|\| =1:29.4+1-2 \|\| =1:29.4+1-2~bpo12+1 \|\| =1:29.4+1-3 \|\| =1:29.4+1-4 \|\| =1:29.4+1-4~bpo12+1 \|\| =1:29.4+1-5 \|\| =1:29.4+1-6 \|\| =1:29.4+1-6+alpha \|\| =1:30.1+1-1 \|\| =1:30.1+1-2 \|\| =1:30.1+1-3 \|\| =1:30.1+1-3~bpo12+1 \|\| =1:30.1+1-4 \|\| =1:30.1+1-4~bpo12+1 \|\| =1:30.1+1-5 \|\| =1:30.1+1-5~bpo12+1 \|\| =1:30.1+1-6 \|\| =1:30.1+1-6~bpo12+1 \|\| =1:30.1+1-7 \|\| =1:30.1+1-8 \|\| =1:30.1+1-9 \|\| =1:30.2+1-1 \|\| =1:30.2+1-2 \|\| =1:30.2+1-3	-
debian 13	emacs	=1:30.1+1-6 \|\| =1:30.1+1-7 \|\| =1:30.1+1-8 \|\| =1:30.1+1-9 \|\| =1:30.2+1-1 \|\| =1:30.2+1-2 \|\| =1:30.2+1-3	-

Aliases

1. CVE-2026-68612. NVD-2026-68613. OSV-DEBIAN-2026-68614. OSV-2026-68615. SECURITY-TRACKER-CVE-2026-6861

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.