CVE-2017-7980 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Qemu
Severity
7.8HIGHNVD
EPSS
0.2%
top 62.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 25
Latest updateMay 13
Description
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages7 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 16.10, 17.04, Enterprise Linux 7.3, 7.4, 7.6, 7.5
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-w847-jx6c-6j35: Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2↗2022-05-13
OSV▶
CVE-2017-7980: Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2↗2017-07-25
CVEList▶
CVE-2017-7980: Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2↗2017-07-25