Several vulnerabilities have been discovered in the QEMU processor
emulator, which may lead to the execution of arbitrary code or
denial of service. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2007-1320
Tavis Ormandy discovered that a memory management
routine of the Cirrus video driver performs insufficient bounds
checking, which might allow the execution of arbitrary code through
a heap overflow.
CVE-2007-1321
Tavis Ormandy discovered that the NE2000 network
driver and the socket code perform insufficient input validation,
which might allow the execution of arbitrary code through a heap
overflow.
CVE-2007-1322
Tavis Ormandy discovered that the "icebp"
instruction can be abused to terminate the emulation, resulting in
denial of service.
CVE-2007-1323
Tavis Ormandy discovered that the NE2000 network
driver and the socket code perform insufficient input validation,
which might allow the execution of arbitrary code through a heap
overflow.
CVE-2007-1366
Tavis Ormandy discovered that the "aam"
instruction can be abused to crash qemu through a division by zero,
resulting in denial of service.