{"id":"UBUNTU-CVE-2014-3421","details":"lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.","modified":"2026-05-20T16:03:08.152667908Z","published":"2014-05-08T10:55:00Z","upstream":["CVE-2014-3421"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3421"},{"type":"REPORT","url":"http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2014/05/07/7"},{"type":"REPORT","url":"http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2014-3421"}],"affected":[{"package":{"name":"xemacs21-packages","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/xemacs21-packages?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2009.02.17.dfsg.2-2"],"ecosystem_specific":{"binaries":[{"binary_version":"2009.02.17.dfsg.2-2","binary_name":"xemacs21-basesupport"},{"binary_version":"2009.02.17.dfsg.2-2","binary_name":"xemacs21-basesupport-el"},{"binary_version":"2009.02.17.dfsg.2-2","binary_name":"xemacs21-mulesupport"},{"binary_version":"2009.02.17.dfsg.2-2","binary_name":"xemacs21-mulesupport-el"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-3421.json"}},{"package":{"name":"xemacs21-packages","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/xemacs21-packages?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2009.02.17.dfsg.2-4"],"ecosystem_specific":{"binaries":[{"binary_version":"2009.02.17.dfsg.2-4","binary_name":"xemacs21-basesupport"},{"binary_version":"2009.02.17.dfsg.2-4","binary_name":"xemacs21-basesupport-el"},{"binary_version":"2009.02.17.dfsg.2-4","binary_name":"xemacs21-mulesupport"},{"binary_version":"2009.02.17.dfsg.2-4","binary_name":"xemacs21-mulesupport-el"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-3421.json"}},{"package":{"name":"xemacs21-packages","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/xemacs21-packages?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2009.02.17.dfsg.2-4","2009.02.17.dfsg.2-5"],"ecosystem_specific":{"binaries":[{"binary_version":"2009.02.17.dfsg.2-5","binary_name":"xemacs21-basesupport"},{"binary_version":"2009.02.17.dfsg.2-5","binary_name":"xemacs21-basesupport-el"},{"binary_version":"2009.02.17.dfsg.2-5","binary_name":"xemacs21-mulesupport"},{"binary_version":"2009.02.17.dfsg.2-5","binary_name":"xemacs21-mulesupport-el"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-3421.json"}},{"package":{"name":"xemacs21-packages","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/xemacs21-packages?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2009.02.17.dfsg.2-5"],"ecosystem_specific":{"binaries":[{"binary_version":"2009.02.17.dfsg.2-5","binary_name":"xemacs21-basesupport"},{"binary_version":"2009.02.17.dfsg.2-5","binary_name":"xemacs21-basesupport-el"},{"binary_version":"2009.02.17.dfsg.2-5","binary_name":"xemacs21-mulesupport"},{"binary_version":"2009.02.17.dfsg.2-5","binary_name":"xemacs21-mulesupport-el"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-3421.json"}},{"package":{"name":"xemacs21-packages","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/xemacs21-packages?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2009.02.17.dfsg.3-2","2009.02.17.dfsg.3-3"],"ecosystem_specific":{"binaries":[{"binary_version":"2009.02.17.dfsg.3-3","binary_name":"xemacs21-basesupport"},{"binary_version":"2009.02.17.dfsg.3-3","binary_name":"xemacs21-basesupport-el"},{"binary_version":"2009.02.17.dfsg.3-3","binary_name":"xemacs21-mulesupport"},{"binary_version":"2009.02.17.dfsg.3-3","binary_name":"xemacs21-mulesupport-el"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-3421.json"}},{"package":{"name":"xemacs21-packages","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/xemacs21-packages?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2009.02.17.dfsg.3-3"],"ecosystem_specific":{"binaries":[{"binary_version":"2009.02.17.dfsg.3-3","binary_name":"xemacs21-basesupport"},{"binary_version":"2009.02.17.dfsg.3-3","binary_name":"xemacs21-basesupport-el"},{"binary_version":"2009.02.17.dfsg.3-3","binary_name":"xemacs21-mulesupport"},{"binary_version":"2009.02.17.dfsg.3-3","binary_name":"xemacs21-mulesupport-el"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-3421.json"}},{"package":{"name":"xemacs21-packages","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/xemacs21-packages?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2009.02.17.dfsg.3-3","2009.02.17.dfsg.3-3build1"],"ecosystem_specific":{"binaries":[{"binary_version":"2009.02.17.dfsg.3-3build1","binary_name":"xemacs21-basesupport"},{"binary_version":"2009.02.17.dfsg.3-3build1","binary_name":"xemacs21-basesupport-el"},{"binary_version":"2009.02.17.dfsg.3-3build1","binary_name":"xemacs21-mulesupport"},{"binary_version":"2009.02.17.dfsg.3-3build1","binary_name":"xemacs21-mulesupport-el"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-3421.json"}}],"schema_version":"1.7.5","severity":[{"type":"Ubuntu","score":"medium"}]}