CVE-2017-5956Out-of-bounds Read in Project Virglrenderer

CWE-125Out-of-bounds Read8 documents6 sources
Severity
5.5MEDIUMNVD
OSV9.8
EPSS
0.1%
top 75.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Virglrenderer Project Virglrenderer
Timeline
PublishedMar 20
Latest updateMar 15

Description

The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Patches

Patch: www.openwall.comPatch: cgit.freedesktop.orgPatch: lists.freedesktop.org

🔴Vulnerability Details

4
OSV
libphp-phpmailer vulnerability2023-03-15
GHSA
GHSA-rmf6-f9hp-cjxh: The vrend_draw_vbo function in virglrenderer before 02022-05-17
CVEList
CVE-2017-5956: The vrend_draw_vbo function in virglrenderer before 02017-03-20
OSV
CVE-2017-5956: The vrend_draw_vbo function in virglrenderer before 02017-03-20

📋Vendor Advisories

1
Debian
CVE-2017-5956: virglrenderer - The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS ...2017

💬Community

2
Bugzilla
CVE-2017-5956 Virglrenderer: OOB access while in vrend_draw_vbo2017-02-10
Bugzilla
CVE-2017-5956 virglrenderer: Virglrenderer: OOB access while in vrend_draw_vbo [fedora-all]2017-02-10
CVE-2017-5956 — Out-of-bounds Read | cvebase