Prasad J Pandit, Red Hat Product Security Team, reports:
Qemu emulator built with the VNC display driver support is
vulnerable to a buffer overflow flaw leading to a heap memory
corruption issue. It could occur while refreshing the server
display surface via routine vnc_refresh_server_surface().
A privileged guest user could use this flaw to corrupt the heap
memory and crash the Qemu process instance or potentially use it
to execute arbitrary code on the host.