Memory Corruption Vulnerability in GNU Emacs Affects Fedora 42 and 44

Severity: Medium (Score: 45.9)

Sources: Linuxsecurity

Summary

A memory corruption vulnerability, identified as CVE-2026-6861, was published on April 22, 2026, affecting GNU Emacs when processing SVG CSS. This issue impacts users of Fedora 42 and Fedora 44, with specific updates released to address the vulnerability. The vulnerability could potentially allow attackers to exploit the memory corruption, although no active exploitation has been reported. Users are advised to update their systems using the provided commands to mitigate the risk. The updates were released by Peter Oliver, with version updates noted for both Fedora distributions. The vulnerability is significant enough to warrant immediate attention from users of the affected versions. The updates can be installed using the 'dnf' package manager, ensuring users are protected from potential exploits. Key Points: • CVE-2026-6861 affects GNU Emacs in Fedora 42 and 44 due to memory corruption. • Updates were released on April 22, 2026, to fix the vulnerability. • Users are urged to apply the patches immediately to mitigate risks.

Key Entities

• CVE-2026-6861 (cve)
• CWE-120 - Classic Buffer Overflow (cwe)