Qemu · Qemu-Img · CVE-2026-24708
**Name of the Vulnerable Software and Affected Versions**
OpenStack Nova (affected versions not specified)
**Description**
The software calls `qemu-img` without format restrictions when resizing images. A malicious QCOW header could potentially convince Nova's flat image backend to execute an unsafe image resize operation. The `qemu-img` function is involved in this issue.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.