Published: 10/08/2017 Updated: 13/02/2023

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Multiple buffer overflows in QEMU prior to 1.7.2 and 2.x prior to 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu
qemu qemu 2.0.0

Several security issues were fixed in QEMU ...

Debian Bug report logs - #742730 image format processing issues: lack of input validation Packages: qemu-kvm, qemu; Maintainer for qemu-kvm is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu-kvm is src:qemu (PTS, buildd, popcon) Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebia ...

Debian Bug report logs - #762532 CVE-2014-3640: qemu: slirp: NULL pointer deref in sosendto() Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Tue, 23 Sep 2014 06:57:12 UTC ...

Several vulnerabilities were discovered in qemu, a fast processor emulator: Various security issues have been found in the block qemu drivers Malformed disk images might result in the execution of arbitrary code A NULL pointer dereference in SLIRP may result in denial of service An information leak was discovered in the VGA emulation For t ...

CWE-119 https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html https://bugzilla.redhat.com/show_bug.cgi?id=1078885 http://www.openwall.com/lists/oss-security/2014/03/26/8 http://rhn.redhat.com/errata/RHSA-2014-0421.html http://rhn.redhat.com/errata/RHSA-2014-0420.html http://www.debian.org/security/2014/dsa-3044 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c05e4667be91b46ab42b5a11babf8e84d476cc6b http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f0dce23475b5af5da6b17b97c1765271307734b6 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c165f7758009a4f793c1fc19ebb69cf55313450b https://usn.ubuntu.com/2342-1/https://nvd.nist.gov

CVE-2014-0145

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect