cpe:/a:qemu:qemu CVE-2017-14167 2017-09-08T14:29:00.297-04:00 2018-09-07T06:29:02.413-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov BID 100694 DEBIAN DSA-3991 REDHAT RHSA-2017:3368 REDHAT RHSA-2017:3369 REDHAT RHSA-2017:3466 REDHAT RHSA-2017:3470 REDHAT RHSA-2017:3471 REDHAT RHSA-2017:3472 REDHAT RHSA-2017:3473 REDHAT RHSA-2017:3474 UBUNTU USN-3575-1 MLIST [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update MLIST [oss-security] 20170907 CVE-2017-14167 Qemu: i386: multiboot OOB access while loading guest kernel image MLIST [qemu-devel] 20170905 [PATCH] multiboot: validate multiboot header address values Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.