Denial Of Service (DoS)

2022-04-2711:56:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

31.2%

JSON

qemu is vulnerable to denial of service. The vulnerability exists due to a heap-based buffer overflow via a double fetch of guest controlled values cursor->header.width and cursor->header.height which causes an application crash.

CPENameOperatorVersion
qemu:sideq1:5.1+dfsg-4+b1
qemu:sideq1:5.1+dfsg-4+b2
qemu:sideq1:5.1+dfsg-4
qemu:bookwormeq1:6.1+dfsg-6
qemu:bullseyeeq1:5.1+dfsg-4+b1
qemu:bullseyeeq1:5.1+dfsg-4
qemu:bioniceq1:2.11+dfsg-1ubuntu7
qemu:bioniceq1:2.11+dfsg-1ubuntu7.37
qemu:bioniceq1:2.11+dfsg-1ubuntu7.31
qemu:bioniceq1:2.11+dfsg-1ubuntu7.32

Name	Operator	Version
qemu:sid	eq	1:5.1+dfsg-4+b1
qemu:sid	eq	1:5.1+dfsg-4+b2
qemu:sid	eq	1:5.1+dfsg-4
qemu:bookworm	eq	1:6.1+dfsg-6
qemu:bullseye	eq	1:5.1+dfsg-4+b1
qemu:bullseye	eq	1:5.1+dfsg-4
qemu:bionic	eq	1:2.11+dfsg-1ubuntu7
qemu:bionic	eq	1:2.11+dfsg-1ubuntu7.37
qemu:bionic	eq	1:2.11+dfsg-1ubuntu7.31
qemu:bionic	eq	1:2.11+dfsg-1ubuntu7.32