CVE-2024-30204: Low severity IBM Cognos Analytics vulnerability
Published Mar 25, 2024
·Updated
GNU Emacs could provide weaker than expected security, caused by an issue with LaTeX preview is enabled by default for e-mail attachments. A remote attacker could exploit this vulnerability to launch further attacks on the system.
Other sources
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
— Launchpad
Affected Software
9 affected componentsFixes available
redhat/emacs<29.3
29.3
IBM Cognos Analytics<=12.0.0-12.0.4
IBM Cognos Analytics<=11.2.0-11.2.4 FP5
GNU Emacs<29.3
GNU Org Mode Gnu Emacs<9.6.23
Debian Debian Linux=10.0
debian/emacs
1:27.1+1-3.1+deb11u51:27.1+1-3.1+deb11u61:28.2+1-15+deb12u41:30.1+1-5
debian/org-mode<=9.5.2+dfsh-5
9.4.0+dfsg-1+deb11u39.7.27+dfsg-19.7.29+dfsg-1
Microsoft azl3 emacs 29.3
Remediation
Event History
Mar 25, 2024
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Sep 19, 2024
Data Sourced
via Launchpad·08:43 PM
Description
Sep 23, 2024
Data Sourced
via Ubuntu·08:42 PM
RemedyDescriptionSeverityAffected Software
Sep 4, 2025
Data Sourced
via Microsoft·04:51 AM
DescriptionSeverityWeakness
Data Sourced
via Microsoft·04:51 AM
Affected Software
Updated
via Microsoft·04:51 AM
DescriptionSeverity
Frequently Asked Questions
1
What is the severity of CVE-2024-30204?
CVE-2024-30204 is classified as a moderate severity vulnerability.
2
How do I fix CVE-2024-30204?
To fix CVE-2024-30204, upgrade to Emacs version 29.3 or later.
3
Which versions of Emacs are affected by CVE-2024-30204?
CVE-2024-30204 affects all versions of Emacs prior to 29.3.
4
What impact does CVE-2024-30204 have?
CVE-2024-30204 may expose users to potential security risks through LaTeX previews enabled by default for e-mail attachments.
5
Which software packages are vulnerable to CVE-2024-30204?
The vulnerable software packages include Emacs versions prior to 29.3 and certain versions of Org-mode.