CVE-2014-0146

The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.

Weakness

The product dereferences a pointer that it expects to be valid but is NULL.

Affected Software

Name	Vendor	Start Version	End Version
Qemu	Qemu	*	1.7.1 (including)
Qemu	Qemu	2.0.0-rc0 (including)	2.0.0-rc0 (including)
Qemu	Qemu	2.0.0-rc1 (including)	2.0.0-rc1 (including)
Qemu	Qemu	2.0.0-rc2 (including)	2.0.0-rc2 (including)
Qemu	Qemu	2.0.0-rc3 (including)	2.0.0-rc3 (including)
OpenStack 3 for RHEL 6	RedHat	qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.8	*
OpenStack 4 for RHEL 6	RedHat	qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.8	*
Red Hat Enterprise Linux 6	RedHat	qemu-kvm-2:0.12.1.2-2.415.el6_5.8	*
RHEV 3.X Hypervisor and Agents for RHEL-6	RedHat	qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.8	*
RHEV 3.X Hypervisor and Agents for RHEL-6	RedHat	rhev-hypervisor6-0:6.5-20140603.2.el6ev	*
Qemu	Ubuntu	saucy	*
Qemu	Ubuntu	upstream	*
Qemu-kvm	Ubuntu	lucid	*
Qemu-kvm	Ubuntu	precise	*
Qemu-kvm	Ubuntu	quantal	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-0146
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References