CVE-2017-2633: An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC…

medium6.5CVSS 3.0

AVNACLPRLUINSUCNINAH

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.

Affected

18 ranges

Vendor	Product	Version range	Fixed in
debian	qemu	< qemu 2.1+dfsg-1 (bookworm)	qemu 2.1+dfsg-1 (bookworm)
qemu	qemu	< 1.7.2	1.7.2
qemu	qemu	—	—
qemu	qemu	>= 0 < 2.1+dfsg-1	2.1+dfsg-1
qemu	qemu	>= 0 < 2.1+dfsg-1	2.1+dfsg-1
qemu	qemu	>= 0 < 2.1+dfsg-1	2.1+dfsg-1
qemu	qemu	>= 0 < 2.1+dfsg-1	2.1+dfsg-1
qemu	qemu	>= 0 < 2.0.0+dfsg-2ubuntu1.33	2.0.0+dfsg-2ubuntu1.33
qemu	qemu	>= 0 < 1:2.5+dfsg-5ubuntu10.11	1:2.5+dfsg-5ubuntu10.11
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_workstation	—	—
redhat	enterprise_linux_workstation	—	—

CVSS provenance

nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

osv6.5MEDIUM