PT-2009-5891 · Qemu · Qemu

Michael Gruys · Published 2009-10-23 · Updated 2024-02-15 · CVE-2009-3616

CVSS v3.1: 9.9 Critical

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

QEMU versions 0.10.6 and earlier

Description

The issue is related to multiple use-after-free vulnerabilities in the VNC server component of QEMU. These vulnerabilities might allow guest OS users to execute arbitrary code on the host OS. This can be achieved by establishing a connection from a VNC client and then performing specific actions such as disconnecting during data transfer, sending a message using incorrect integer data types, or using the Fuzzy Screen Mode protocol. The vulnerabilities are related to double free issues.

Recommendations

For QEMU versions 0.10.6 and earlier, there is currently no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2009-3616

Affected Products

Qemu