CVE-2017-2633
5.4
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Summary
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| QEMU | Qemu: | 1.7.2 | affected |
Weaknesses
- CWE-120: CWE-120
ADP Enrichment
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2017/02/23/1
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef
- https://access.redhat.com/errata/RHSA-2017:1206
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633
- https://access.redhat.com/errata/RHSA-2017:1441
- http://www.securityfocus.com/bid/96417
- https://access.redhat.com/errata/RHSA-2017:1856
- https://access.redhat.com/errata/RHSA-2017:1205
References
- http://www.openwall.com/lists/oss-security/2017/02/23/1
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef
- https://access.redhat.com/errata/RHSA-2017:1206
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633
- https://access.redhat.com/errata/RHSA-2017:1441
- http://www.securityfocus.com/bid/96417
- https://access.redhat.com/errata/RHSA-2017:1856
- https://access.redhat.com/errata/RHSA-2017:1205
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.