PT-2014-3501 · Qemu+5 · Qemu+5

Published

2014-03-26

Updated

2024-06-15

CVE-2014-0146

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions QEMU versions prior to 1.7.2 QEMU versions 2.x prior to 2.0.0

Description The issue allows local users to cause a denial of service via a crafted image. This is related to the initialization of the snapshot offset and nb snapshots fields in the qcow2 open function.

Recommendations For QEMU versions prior to 1.7.2, update to version 1.7.2 or later. For QEMU versions 2.x prior to 2.0.0, update to version 2.0.0 or later.

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2014-1526

CESA-2014_0420

CVE-2014-0146

DSA-3044-1

DSA-3045-1

MGASA-2014-0426

OPENSUSE-SU-2024:10233-1

RHSA-2014:0420

RHSA-2014:0421

RHSA-2014:0434

RHSA-2014:0435

RHSA-2014:0674

RHSA-2014_0420

SUSE-SU-2015:0870-1

SUSE-SU-2015:0889-1

SUSE-SU-2015:1152-1

USN-2342-1

Affected Products

Alt Linux

Centos

Qemu

Red Hat

Suse

Ubuntu

PT-2014-3501 · Qemu+5 · Qemu+5

CVE-2014-0146

Weakness Enumeration

Related Identifiers

Affected Products

References · 184