CVE-2007-1320

Source
https://nvd.nist.gov/vuln/detail/CVE-2007-1320
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2007-1320.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2007-1320
Related
Published
2007-05-02T17:19:00Z
Modified
2024-09-11T02:00:04Z
Summary
[none]
Details

Multiple heap-based buffer overflows in the cirrusinvalidateregion function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.

References

Affected packages

Debian:11 / qemu

Package

Name
qemu
Purl
pkg:deb/debian/qemu?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / qemu

Package

Name
qemu
Purl
pkg:deb/debian/qemu?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / qemu

Package

Name
qemu
Purl
pkg:deb/debian/qemu?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}