CVE-2015-5225
published 2015-11-06
high 7.2 CVSS 3.1
AV:L/AC:L/Au:N/C:C/I:C/A:C
Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | qemu | < qemu 1:2.4+dfsg-1a (bookworm) | qemu 1:2.4+dfsg-1a (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| qemu | qemu | <= 2.4.0 | — |
| qemu | qemu | >= 0 < 1:2.4+dfsg-1a | 1:2.4+dfsg-1a |
| qemu | qemu | >= 0 < 1:2.4+dfsg-1a | 1:2.4+dfsg-1a |
| qemu | qemu | >= 0 < 1:2.4+dfsg-1a | 1:2.4+dfsg-1a |
| qemu | qemu | >= 0 < 1:2.4+dfsg-1a | 1:2.4+dfsg-1a |
| qemu | qemu | >= 0 < 2.0.0+dfsg-2ubuntu1.17 | 2.0.0+dfsg-2ubuntu1.17 |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
CVSS provenance
nvd 7.2 HIGH AV:L/AC:L/Au:N/C:C/I:C/A:C
osv 7.2 HIGH