
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-30204 affects Emacs versions before 29.3, where LaTeX preview is enabled by default for e-mail attachments. The vulnerability was discovered in March 2024 and affects various versions of the Emacs text editor (NVD, Debian LTS).
The vulnerability stems from LaTeX preview being enabled by default for e-mail attachments with the text/x-org MIME type. The issue specifically affects Gnus and MUA clients that reuse the Gnus libraries (including notmuch and mu4e), but not Rmail. The vulnerability has been assigned a CVSS 3.1 Base Score of 2.8 (LOW) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L (NVD).
When exploited, the vulnerability could allow specially designed LaTeX code to generate huge PDF or log files that may exhaust disk space, leading to a denial of service condition (Emacs Commit).
The vulnerability has been fixed in Emacs 29.3 by introducing a new variable 'org--latex-preview-when-risky' that controls LaTeX preview behavior for content from untrusted sources. As a workaround for systems that cannot be upgraded, users can disable LaTeX previews by setting 'org-preview-latex-default-process' to 'verbatim' (OSS Security).
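The workaround above as an init-file snippet, added here as an example and not taken from the Emacs project: it sets 'verbatim' only when the loaded Org lacks the variable the fix introduced, which also covers an Org installed separately from Emacs. The `my/` function names are hypothetical.

```elisp
;;; Added example: init-file mitigation for CVE-2024-30204.
;;; The my/ names are hypothetical; the two Org variables are the ones
;;; named in the advisory text.

(defun my/org-latex-preview-patched-p ()
  "Return non-nil when the loaded Org defines the variable added by the fix."
  (boundp 'org--latex-preview-when-risky))

(defun my/org-latex-preview-harden ()
  "Apply the `verbatim' workaround unless the loaded Org carries the fix.
Return the symbol `patched' or `workaround' to say which path was taken."
  (if (my/org-latex-preview-patched-p)
      'patched
    ;; No fix variable: render LaTeX fragments as plain text, so no
    ;; external LaTeX process runs and no PDF or log file is written.
    (setq org-preview-latex-default-process 'verbatim)
    (message "CVE-2024-30204: Org LaTeX previews set to verbatim (Emacs %s)"
             emacs-version)
    'workaround))

;; Run once Org has been loaded, whether the user opened an Org file or a
;; mail client (Gnus, notmuch, mu4e) pulled Org in to render a text/x-org
;; attachment.
(with-eval-after-load 'org
  (my/org-latex-preview-harden))

(defun my/org-latex-preview-audit ()
  "Report this session's exposure to CVE-2024-30204 in the echo area."
  (interactive)
  (require 'org)
  (message "Emacs %s | fix variable present: %s | preview process: %s"
           emacs-version
           (if (my/org-latex-preview-patched-p) "yes" "no")
           org-preview-latex-default-process))
```

Running `M-x my/org-latex-preview-audit` after start-up shows whether the session relies on the fix or on the workaround.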
The security community has discussed the nature of this vulnerability extensively, with some debate about whether it should be considered separate from CVE-2024-30203. Several developers have suggested that the CVE assignments could be merged as they address related issues (OSS Security).
Source: This report was generated using AI