Fluid Attacks Database

Description

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel8	emacs	<1:26.1-10.el8_8.2	1:26.1-10.el8_8.2
rpm rhel9	emacs	<1:27.2-8.el9_2.1	1:27.2-8.el9_2.1

Aliases

1. CVE-2023-24912. NVD-2023-24913. OSV-2023-2491

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.