Back to search
CVE-2008-4539
Published: Dec 29, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
35062
third-party-advisory
x_refsource_SECUNIA
[secure-testing-commits] 20081103 r10251 - data/CVE
mailing-list
x_refsource_MLIST
FEDORA-2008-11705
vendor-advisory
x_refsource_FEDORA
25073
third-party-advisory
x_refsource_SECUNIA
34642
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=466890
x_refsource_CONFIRM
USN-776-1
vendor-advisory
x_refsource_UBUNTU
33350
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=448525
x_refsource_CONFIRM
qemu-kvm-cirrusvga-bo(47736)
vdb-entry
x_refsource_XF
https://bugzilla.redhat.com/show_bug.cgi?id=237342
x_refsource_CONFIRM
SUSE-SR:2009:008
vendor-advisory
x_refsource_SUSE
29129
third-party-advisory
x_refsource_SECUNIA
http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5587
x_refsource_CONFIRM
DSA-1799
vendor-advisory
x_refsource_DEBIAN
[debian-devel-changes] 20081101 Accepted qemu 0.9.1+svn20081101-1 (source amd64)
mailing-list
x_refsource_MLIST
35031
third-party-advisory
x_refsource_SECUNIA
https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now