QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2016-9603

Back to search

CVE-2016-9603

Published: Jul 27, 2018

Modified: Aug 6, 2024

PUBLISHED

CVSS v3.0

5.5

MEDIUM

Description

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

VendorProductVersions

QEMU

Qemu:

affected
2.9

Weaknesses (CWE)

CWE-122

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

References

96893
vdb-entry
x_refsource_BID
RHSA-2017:0983
vendor-advisory
x_refsource_REDHAT
RHSA-2017:0982
vendor-advisory
x_refsource_REDHAT
GLSA-201706-03
vendor-advisory
x_refsource_GENTOO
RHSA-2017:1206
vendor-advisory
x_refsource_REDHAT
1038023
vdb-entry
x_refsource_SECTRACK
RHSA-2017:0985
vendor-advisory
x_refsource_REDHAT
RHSA-2017:0987
vendor-advisory
x_refsource_REDHAT
RHSA-2017:0984
vendor-advisory
x_refsource_REDHAT
RHSA-2017:0988
vendor-advisory
x_refsource_REDHAT
RHSA-2017:1441
vendor-advisory
x_refsource_REDHAT
RHSA-2017:0981
vendor-advisory
x_refsource_REDHAT
RHSA-2017:0980
vendor-advisory
x_refsource_REDHAT
RHSA-2017:1205
vendor-advisory
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now