CVE-2014-7815 — Improper Input Validation in Qemu

CWE-20 — Improper Input Validation9 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

5.2%

top 10.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Canonical Ubuntu Linux Debian Linux +8 more

Timeline

PublishedNov 14

Latest updateMay 13

Description

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages8 packages

▶Debianqemu/qemu< 2.1+dfsg-7+3

▶NVDqemu/qemu2.1.3

▶NVDredhat/virtualization3.0

▶NVDsuse/linux_enterprise_server12

▶NVDsuse/linux_enterprise_desktop12

Also affects: Debian Linux 7.0, Ubuntu Linux 10.04, 12.04, 14.04, 14.10, Enterprise Linux 7.3, 7.4, 7.5, 7.6, 7.7

🔴Vulnerability Details

GHSA

GHSA-5gvx-32vr-xx6v: The set_pixel_format function in ui/vnc↗2022-05-13

▶

CVEList

CVE-2014-7815: The set_pixel_format function in ui/vnc↗2014-11-14

▶

OSV

CVE-2014-7815: The set_pixel_format function in ui/vnc↗2014-11-14

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2014-11-13

▶

Red Hat

qemu: vnc: insufficient bits_per_pixel from the client sanitization↗2014-10-27

▶

Debian

CVE-2014-7815: qemu - The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cau...↗2014

▶

💬Community

Bugzilla

CVE-2014-7815 qemu: vnc: insufficient bits_per_pixel from the client sanitization↗2014-10-27

▶

Bugzilla

CVE-2014-7815 qemu: vnc: insufficient bits_per_pixel from the client sanitization [fedora-all]↗2014-10-27

▶