← Back

CVE-2014-7815

nvd nist
Published: Nov 14, 2014Modified: May 6, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:N/I:N/A:P
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

Affected (21)

Show all products
Qemu: Qemu · Debian: Debian Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Workstation, Virtualization · Canonical: Ubuntu Linux · Suse: Linux Enterprise Desktop, Linux Enterprise Server
Qemu
1 product
Qemu
Debian
1 product
Debian Linux
Redhat
6 products
Enterprise Linux Desktop
Enterprise Linux Eus
Enterprise Linux Server
Enterprise Linux Server Aus
Enterprise Linux Workstation
Virtualization
Canonical
1 product
Ubuntu Linux
Suse
2 products
Linux Enterprise Desktop
Linux Enterprise Server
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Qemu
Up to 2.1.3
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 7.0
Configuration C
12 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux Desktop
Version 7.0
Redhat
Enterprise Linux Eus
Version 7.3
Enterprise Linux Eus
Version 7.4
Enterprise Linux Eus
Version 7.5
Enterprise Linux Eus
Version 7.6
Enterprise Linux Eus
Version 7.7
Enterprise Linux Server
Version 7.0
Redhat
Enterprise Linux Server Aus
Version 7.3
Enterprise Linux Server Aus
Version 7.4
Enterprise Linux Server Aus
Version 7.6
Enterprise Linux Server Aus
Version 7.7
Enterprise Linux Workstation
Version 7.0
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Virtualization
Version 3.0
Running on/withPlatform Versions
Redhat
Enterprise Linux
Version 7.0
Configuration E
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 10.04
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 14.10
Configuration F
2 vulnerable
Vulnerable SoftwareAffected Versions
Linux Enterprise Desktop
Version 12
Linux Enterprise Server
Version 12

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (24)

Source: secalert@redhat.com
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory

Timeline

No history available yet.