CVE Vulnerabilities

CVE-2014-0223

Published: Nov 04, 2014 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
4.3 MODERATE
AV:A/AC:H/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
MEDIUM

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.

Affected Software

Name Vendor Start Version End Version
Linux_enterprise_server Suse 11.0-sp1 (including) 11.0-sp1 (including)
OpenStack 4 for RHEL 6 RedHat qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.14 *
Red Hat Enterprise Linux 6 RedHat qemu-kvm-2:0.12.1.2-2.415.el6_5.14 *
Red Hat Enterprise Linux 7 RedHat qemu-kvm-10:1.5.3-60.el7_0.5 *
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 RedHat qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.14 *
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 RedHat qemu-kvm-rhev-10:1.5.3-60.el7_0.7 *
RHEV 3.X Hypervisor and Agents for RHEL-6 RedHat qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.14 *
RHEV 3.X Hypervisor and Agents for RHEL-6 RedHat rhev-hypervisor6-0:6.5-20140821.1.el6ev *
Qemu Ubuntu saucy *
Qemu Ubuntu trusty *
Qemu Ubuntu upstream *
Qemu-kvm Ubuntu lucid *
Qemu-kvm Ubuntu precise *
Qemu-kvm Ubuntu quantal *
Qemu-kvm Ubuntu upstream *

References