7.2
CVE-2007-1320
- EPSS 0.49%
- Veröffentlicht 02.05.2007 17:19:00
- Zuletzt bearbeitet 16.06.2026 22:37:20
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version8
Fedoraproject ≫ Fedora Version9
Fedoraproject ≫ Fedora Core Version6
Debian ≫ Debian Linux Version3.1
Debian ≫ Debian Linux Version4.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.384 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
http://osvdb.org/35494
http://secunia.com/advisories/25073
http://secunia.com/advisories/25095
http://secunia.com/advisories/27047
http://secunia.com/advisories/27085
http://secunia.com/advisories/27103
http://secunia.com/advisories/27486
http://secunia.com/advisories/29129
http://secunia.com/advisories/30413
http://secunia.com/advisories/33568
http://taviso.decsystem.org/virtsec.pdf
http://www.debian.org/security/2007/dsa-1284
http://www.debian.org/security/2007/dsa-1384
http://www.mandriva.com/security/advisories?name=MDKSA-2007:203
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
http://www.redhat.com/support/errata/RHSA-2007-0323.html
http://www.securityfocus.com/bid/23731
http://www.vupen.com/english/advisories/2007/1597
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10315
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00706.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00935.html