CVE-2016-9603
Severity
9.9CRITICAL
EPSS
1.6%
top 18.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 27
Latest updateMay 13
Description
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
CVSS vector
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:LExploitability: 1.3 | Impact: 3.7
Affected Packages9 packages
Also affects: Debian Linux 7.0, Enterprise Linux 7.3, 7.4, 7.5
🔴Vulnerability Details
3GHSA▶
GHSA-49mx-v59p-m55m: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2↗2022-05-13
OSV▶
CVE-2016-9603: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2↗2018-07-27
CVEList▶
CVE-2016-9603: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2↗2018-07-27