CVE-2015-5239

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name	Vendor	Start Version	End Version
Qemu	Qemu	*	2.1.0 (excluding)
Qemu	Ubuntu	trusty	*
Qemu-kvm	Ubuntu	precise	*

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html
http://www.openwall.com/lists/oss-security/2015/09/02/7
http://www.ubuntu.com/usn/USN-2745-1
https://github.com/qemu/qemu/commit/f9a70e79391f6d7c2a912d785239ee8effc1922d
https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-5239
CWE	https://cwe.mitre.org/data/definitions/835.html

Loop with Unreachable Exit Condition ('Infinite Loop')

Weakness

Affected Software

References