The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qemu | Qemu | * | 1.7.1 (including) |
| Qemu | Qemu | 2.0.0-rc0 (including) | 2.0.0-rc0 (including) |
| Qemu | Qemu | 2.0.0-rc1 (including) | 2.0.0-rc1 (including) |
| Qemu | Qemu | 2.0.0-rc2 (including) | 2.0.0-rc2 (including) |
| Qemu | Qemu | 2.0.0-rc3 (including) | 2.0.0-rc3 (including) |
| OpenStack 3 for RHEL 6 | RedHat | qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.8 | * |
| OpenStack 4 for RHEL 6 | RedHat | qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.8 | * |
| Red Hat Enterprise Linux 6 | RedHat | qemu-kvm-2:0.12.1.2-2.415.el6_5.8 | * |
| RHEV 3.X Hypervisor and Agents for RHEL-6 | RedHat | qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.8 | * |
| RHEV 3.X Hypervisor and Agents for RHEL-6 | RedHat | rhev-hypervisor6-0:6.5-20140603.2.el6ev | * |
| Qemu | Ubuntu | saucy | * |
| Qemu | Ubuntu | upstream | * |
| Qemu-kvm | Ubuntu | lucid | * |
| Qemu-kvm | Ubuntu | precise | * |
| Qemu-kvm | Ubuntu | quantal | * |