In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the aticursordefine() routine while handling MMIO write operations through the atimmwrite() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.