Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2008-12-29 15:24
Updated : 2024-02-04 17:33
NVD link : CVE-2008-4539
Mitre link : CVE-2008-4539
CVE.ORG link : CVE-2008-4539
JSON object : View
Products Affected
qemu
- qemu
debian
- debian_linux
canonical
- ubuntu_linux
kvm_qumranet
- kvm
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer