QwikSec

Security Database

CVE

CWE

Training

CVE-2014-0146

Published: Aug 10, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=11b128f4062dd7f89b14abc8877ff20d41b28be9

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=1078232

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

[oss-security] 20140326 QEMU image format input validation fixes (multiple CVEs)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.