cpe:/a:qemu:qemu:- cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:15.10 cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~ cpe:/o:debian:debian_linux:8.0 cpe:/o:oracle:vm_server:3.3 cpe:/o:oracle:vm_server:3.4 CVE-2016-3712 2016-05-11T17:59:02.063-04:00 2018-01-04T21:30:43.277-05:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2016-09-09T22:14:21.933-04:00 SECTRACK 1035794 BID 90314 DEBIAN DSA-3573 REDHAT RHSA-2016:2585 REDHAT RHSA-2017:0621 UBUNTU USN-2974-1 MLIST [Qemu-devel] 20160509 [PULL 5/5] vga: make sure vga register setup for vbe stays intact (CVE-2016-3712). MLIST [oss-security] 20160509 CVE-2016-3712 Qemu: vga: out-of-bounds read and integer overflow issues CONFIRM http://support.citrix.com/article/CTX212736 CONFIRM http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html CONFIRM http://xenbits.xen.org/xsa/advisory-179.html Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.