GNU Emacs Memory Corruption Vulnerability in SVG CSS Processing

Vulnerability

A memory corruption vulnerability has been identified in GNU Emacs versions from 28.1 up to, but not including, 30.2. The flaw, an off-by-one heap buffer overflow and uninitialized read, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this vulnerability by convincing a victim to open a malicious SVG file, potentially leading to a denial-of-service condition or information disclosure.
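
To triage hosts against the affected range stated above, the following added example (not part of the original advisory or of GNU Emacs) parses the first line of `emacs --version` and tests it against the half-open range 28.1 to 30.2. The function names are hypothetical, and the script assumes the usual `GNU Emacs X.Y` banner format.

```shell
#!/bin/sh
# Added example: checks an Emacs version against the range listed in this
# advisory (28.1 <= version < 30.2). Function names are hypothetical.

# Extract "MAJOR.MINOR[.PATCH]" from an `emacs --version` banner line.
emacs_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/^GNU Emacs \([0-9][0-9.]*\).*$/\1/p'
}

# Compare two dotted versions field by field; prints -1, 0 or 1.
# Missing fields count as 0, so 30.2 and 30.2.0 compare equal.
version_cmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ -n "$x" ] || x=0
        [ -n "$y" ] || y=0
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    echo 0
}

# Exit status 0: in the affected range; 1: outside it; 2: version unparseable.
is_affected() {
    [ -n "$1" ] || return 2
    [ "$(version_cmp "$1" 28.1)" -ge 0 ] && [ "$(version_cmp "$1" 30.2)" -lt 0 ]
}

# Report on the emacs binary found on PATH, if any.
check_local_emacs() {
    command -v emacs >/dev/null 2>&1 || { echo "emacs: not found on PATH"; return 0; }
    v=$(emacs_version_from_banner "$(emacs --version 2>/dev/null | head -n 1)")
    rc=0; is_affected "$v" || rc=$?
    case $rc in
        0) echo "emacs $v: within affected range (28.1 <= v < 30.2)" ;;
        1) echo "emacs $v: outside affected range" ;;
        *) echo "emacs: could not parse version banner" ;;
    esac
}

check_local_emacs
```

A version string alone is not conclusive where a distribution backports fixes without changing the upstream version number, so treat a match as a prompt to check the vendor's package changelog.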

Impact

Exploitation of this vulnerability causes a denial-of-service by crashing Emacs or consuming excessive system resources. Additionally, the memory corruption could be leveraged to execute unauthorized code, bypassing Emacs's protection mechanisms.

Reproduction

To reproduce this vulnerability, open a malicious SVG file that contains specially crafted CSS data using an affected version of GNU Emacs. The off-by-one buffer overflow can be exploited by the crafted data, leading to memory corruption.

Added: Apr 22, 2026, 2:19 PM
Updated: Apr 22, 2026, 2:19 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 1.3
exploitability: 4.6
remediation: 0.0
relevance: 6.5
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.