CVE-2007-1320

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2007-1320

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2007-1320.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2007-1320

Related

Published

2007-05-02T17:19:00Z

Modified

2024-09-11T02:00:04Z

Summary

[none]

Details

Multiple heap-based buffer overflows in the cirrusinvalidateregion function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.

References

Affected packages

Debian:11 / qemu

Package

Name: qemu
Purl: pkg:deb/debian/qemu?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / qemu

Package

Name: qemu
Purl: pkg:deb/debian/qemu?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / qemu

Package

Name: qemu
Purl: pkg:deb/debian/qemu?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}