CVE-2019-13164

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-13164
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-13164.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-13164
Downstream
Related
Published
2019-07-03T14:15:10.370Z
Modified
2026-02-24T01:16:50.865491Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.

References

Affected packages

Git / gitlab.com/libtiff/libtiff

Affected ranges

Type
GIT
Repo
https://gitlab.com/libtiff/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f7b79dc7dc86ccbaabe9882e2b9ffa5ee8dac917

Affected versions

v3.*
v3.5.3
v3.5.4
v3.5.5
v3.5.7
v3.6.0
v3.6.0beta2
v3.6.1
v3.7.0
v3.7.0alpha
v3.7.0beta
v3.7.0beta2
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1
v3.8.2
v4.*
v4.0.0
v4.0.0alpha
v4.0.0alpha4
v4.0.0alpha5
v4.0.0alpha6
v4.0.0beta7

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-13164.json"