CVE-2015-5239: Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message…

medium6.5CVSS 3.1

AVNACLPRLUINSUCNINAH

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

Affected

25 ranges

Vendor	Product	Version range	Fixed in
arista	eos	—	—
arista	eos	—	—
arista	eos	—	—
arista	eos	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	qemu	< qemu 2.1+dfsg-1 (bookworm)	qemu 2.1+dfsg-1 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
qemu	qemu	< 2.1.0	2.1.0
qemu	qemu	—	—
qemu	qemu	>= 0 < 2.1+dfsg-1	2.1+dfsg-1
qemu	qemu	>= 0 < 2.1+dfsg-1	2.1+dfsg-1
qemu	qemu	>= 0 < 2.1+dfsg-1	2.1+dfsg-1
qemu	qemu	>= 0 < 2.1+dfsg-1	2.1+dfsg-1
qemu	qemu	>= 0 < 2.0.0+dfsg-2ubuntu1.19	2.0.0+dfsg-2ubuntu1.19
suse	linux_enterprise_debuginfo	—	—
suse	linux_enterprise_desktop	—	—
suse	linux_enterprise_desktop	—	—
suse	linux_enterprise_server	—	—
suse	linux_enterprise_server	—	—
suse	linux_enterprise_software_development_kit	—	—
suse	linux_enterprise_software_development_kit	—	—

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

osv6.5MEDIUM