Michael Gruys

**Name of the Vulnerable Software and Affected Versions** QEMU versions 0.10.6 and earlier **Description** The issue is related to multiple use-after-free vulnerabilities in the VNC server component of QEMU. These vulnerabilities might allow guest OS users to execute arbitrary code on the host OS. This can be achieved by establishing a connection from a VNC client and then performing specific actions such as disconnecting during data transfer, sending a message using incorrect integer data types, or using the Fuzzy Screen Mode protocol. The vulnerabilities are related to double free issues. **Recommendations** For QEMU versions 0.10.6 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.