7.2

CVE-2007-1320

EPSS 0.16%
Published 02.05.2007 17:19:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.

Affected products Warnungen 0 Metrics 2 CWE 1 References 26

Data is provided by the National Vulnerability Database (NVD)

Qemu ≫ Qemu Version0.8.2

Xen ≫ Xen Version-

Fedoraproject ≫ Fedora Version8

Fedoraproject ≫ Fedora Version9

Fedoraproject ≫ Fedora Core Version6

Opensuse ≫ Opensuse Version11.0

Opensuse ≫ Opensuse Version11.1

Debian ≫ Debian Linux Version3.1

Debian ≫ Debian Linux Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.332

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html

Third Party Advisory

Mailing List

http://osvdb.org/35494

Broken Link

http://secunia.com/advisories/25073

Third Party Advisory

http://secunia.com/advisories/25095

Third Party Advisory

http://secunia.com/advisories/27047

Third Party Advisory

http://secunia.com/advisories/27085

Third Party Advisory

http://secunia.com/advisories/27103

Third Party Advisory

http://secunia.com/advisories/27486

Third Party Advisory

http://secunia.com/advisories/29129

Third Party Advisory

http://secunia.com/advisories/30413

Third Party Advisory

http://secunia.com/advisories/33568

Third Party Advisory

http://taviso.decsystem.org/virtsec.pdf

Third Party Advisory

Technical Description

http://www.debian.org/security/2007/dsa-1284

Third Party Advisory

http://www.debian.org/security/2007/dsa-1384

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2007:203

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:162

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-0323.html

Third Party Advisory

http://www.securityfocus.com/bid/23731

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2007/1597

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10315

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00706.html

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00935.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2007-1320

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1320

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1320

EUVD