CVE-2014-7815 — MEDIUM (5.0)

Q: What is CVE-2014-7815?

CVE-2014-7815 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

Q: How severe is CVE-2014-7815?

CVE-2014-7815 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-7815?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Debian Debian Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server.

Vulnerability Description

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Qemu	Qemu	<= 2.1.3
Debian	Debian Linux	7.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Eus	7.3
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.3
Redhat	Enterprise Linux Workstation	7.0
Redhat	Virtualization	3.0
Redhat	Enterprise Linux	7.0
Canonical	Ubuntu Linux	10.04
Suse	Linux Enterprise Desktop	12
Suse	Linux Enterprise Server	12

Related Weaknesses (CWE)

CWE-20

References

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e6908bfe8e07f2b452e78e677da1b45b1
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0349.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0624.htmlThird Party Advisory
http://secunia.com/advisories/61484Third Party Advisory
http://secunia.com/advisories/62143Third Party Advisory
http://secunia.com/advisories/62144Third Party Advisory
http://support.citrix.com/article/CTX200892Third Party Advisory
http://www.debian.org/security/2014/dsa-3066Third Party Advisory
http://www.debian.org/security/2014/dsa-3067Third Party Advisory
http://www.ubuntu.com/usn/USN-2409-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1157641Issue TrackingThird Party Advisory
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e6908bfe8e07f2b452e78e677da1b45b1
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0349.htmlThird Party Advisory

FAQ

What is CVE-2014-7815?

CVE-2014-7815 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

How severe is CVE-2014-7815?

CVE-2014-7815 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-7815?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Debian Debian Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server.