[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-0223Date: (C)2014-11-05   (M)2023-12-22


Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-67391
DSA-3044
FEDORA-2014-6970
SUSE-SU-2015:0929
https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html
http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html

CWE    1
CWE-189
OVAL    18
oval:org.secpod.oval:def:601789
oval:org.secpod.oval:def:601795
oval:org.secpod.oval:def:1500686
oval:org.secpod.oval:def:203369
...

© SecPod Technologies