PT-2007-2727 · Qemu+1 · Qemu+1

Tavis Ormandy

·

Publicado

2007-05-02

·

Atualizado

2024-06-15

·

CVE-2007-1320

CVSS v2.0

7.2

Alta

VetorAV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions QEMU version 0.8.2
Description The issue is related to multiple heap-based buffer overflows in the cirrus invalidate region function within the Cirrus VGA extension. This could potentially allow local users to execute arbitrary code through unspecified vectors related to attempting to mark non-existent regions as dirty.
Recommendations For QEMU version 0.8.2, consider applying a patch or updating to a newer version that addresses the heap-based buffer overflows in the cirrus invalidate region function. As a temporary workaround, restricting access to the Cirrus VGA extension might minimize the risk of exploitation.

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

CVE-2007-1320
DSA-1284-1
DSA-1384-1
DTSA-133-1
DTSA-38-1
OPENSUSE-SU-2024:11520-1
RHSA-2007:0323
RHSA-2007_0323

Produtos afetados

Qemu
Red Hat