CVE-2016-9603
published 2018-07-27CVE-2016-9603: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client…
critical9.9CVSS 3.0
AVNACLPRLUINSCCHIHAH
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
Affected
44 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | xenserver | — | — |
| citrix | xenserver | — | — |
| citrix | xenserver | — | — |
| citrix | xenserver | — | — |
| citrix | xenserver | — | — |
| citrix | xenserver | — | — |
| debian | debian_linux | — | — |
| debian | qemu | < qemu 1:2.8+dfsg-4 (bookworm) | qemu 1:2.8+dfsg-4 (bookworm) |
| debian | xen | < qemu 1:2.8+dfsg-4 (bookworm) | qemu 1:2.8+dfsg-4 (bookworm) |
| qemu | qemu | < 2.9.0 | 2.9.0 |
| qemu | qemu | — | — |
| qemu | qemu | >= 0 < 1:2.8+dfsg-4 | 1:2.8+dfsg-4 |
| qemu | qemu | >= 0 < 1:2.8+dfsg-4 | 1:2.8+dfsg-4 |
| qemu | qemu | >= 0 < 1:2.8+dfsg-4 | 1:2.8+dfsg-4 |
| qemu | qemu | >= 0 < 1:2.8+dfsg-4 | 1:2.8+dfsg-4 |
| qemu | qemu | >= 0 < 2.0.0+dfsg-2ubuntu1.33 | 2.0.0+dfsg-2ubuntu1.33 |
| qemu | qemu | >= 0 < 1:2.5+dfsg-5ubuntu10.11 | 1:2.5+dfsg-5ubuntu10.11 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
CVSS provenance
nvdv3.09.9CRITICALCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
osv9.9CRITICAL