CVE-2014-7815

EPSS 5.23%
Published 14.11.2014 15:59:01
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

Affected products Warnungen 0 Metrics 2 CWE 1 References 15

Data is provided by the National Vulnerability Database (NVD)

Qemu ≫ Qemu Version <= 2.1.3

Debian ≫ Debian Linux Version7.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Eus Version7.3

Redhat ≫ Enterprise Linux Eus Version7.4

Redhat ≫ Enterprise Linux Eus Version7.5

Redhat ≫ Enterprise Linux Eus Version7.6

Redhat ≫ Enterprise Linux Eus Version7.7

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.3

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Aus Version7.7

Redhat ≫ Enterprise Linux Workstation Version7.0

Redhat ≫ Virtualization Version3.0

Redhat ≫ Enterprise Linux Version7.0

Canonical ≫ Ubuntu Linux Version10.04 SwEdition-

Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version14.10

Suse ≫ Linux Enterprise Desktop Version12 Update-

Suse ≫ Linux Enterprise Server Version12 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.23%	0.896

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.ubuntu.com/usn/USN-2409-1

Third Party Advisory

http://support.citrix.com/article/CTX200892

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0349.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0624.html

Third Party Advisory

http://secunia.com/advisories/62143

Third Party Advisory

http://secunia.com/advisories/62144

Third Party Advisory

http://www.debian.org/security/2014/dsa-3066

Third Party Advisory

http://www.debian.org/security/2014/dsa-3067

Third Party Advisory

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e6908bfe8e07f2b452e78e677da1b45b1c0f6829

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/61484

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1157641

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2014-7815

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-7815

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-7815

EUVD