A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a json:{} value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/4xxx/CVE-2024-4467.json",
"cna_assigner": "redhat",
"cwe_ids": [
"CWE-787"
]
}