qemu vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the qemu package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Use After Free	*
H Buffer Overflow	*
H Buffer Overflow	*
L Missing Release of Resource after Effective Lifetime	<1:2.8+dfsg-6+deb9u17
M Off-by-one Error	<1:2.8+dfsg-6+deb9u17
H Use After Free	*
H Use After Free	<1:2.8+dfsg-6+deb9u17
M Resource Exhaustion	*
H Out-of-bounds Write	<1:2.8+dfsg-6+deb9u15
H Release of Invalid Pointer or Reference	<1:2.8+dfsg-6+deb9u15
L Access of Uninitialized Pointer	<1:2.8+dfsg-6+deb9u15
L Access of Uninitialized Pointer	*
L Access of Uninitialized Pointer	<1:2.8+dfsg-6+deb9u15
L Access of Uninitialized Pointer	<1:2.8+dfsg-6+deb9u17
M Allocation of Resources Without Limits or Throttling	<1:2.8+dfsg-6+deb9u15
L Out-of-Bounds	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-6+deb9u14
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-6+deb9u14
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-6+deb9u14
M Out-of-Bounds	<1:2.8+dfsg-6+deb9u14
M Out-of-bounds Read	<1:2.8+dfsg-6+deb9u13
L Use After Free	<1:2.8+dfsg-6+deb9u14
H Use After Free	<1:2.8+dfsg-6+deb9u13
L Integer Overflow or Wraparound	<1:2.8+dfsg-6+deb9u14
M NULL Pointer Dereference	<1:2.8+dfsg-6+deb9u17
L Out-of-bounds Read	<1:2.8+dfsg-6+deb9u13
L Out-of-bounds Read	<1:2.8+dfsg-6+deb9u10
M NULL Pointer Dereference	*
M NULL Pointer Dereference	*
M NULL Pointer Dereference	*
L Loop with Unreachable Exit Condition ('Infinite Loop')	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-6+deb9u13
M Out-of-bounds Read	<1:2.8+dfsg-6+deb9u13
L Reachable Assertion	<1:2.8+dfsg-6+deb9u12
M Reachable Assertion	<1:2.8+dfsg-6+deb9u12
L NULL Pointer Dereference	*
L NULL Pointer Dereference	*
L NULL Pointer Dereference	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-6+deb9u12
M Out-of-bounds Read	<1:2.8+dfsg-6+deb9u12
L Use After Free	<1:2.8+dfsg-6+deb9u13
M Out-of-bounds Write	<1:2.8+dfsg-6+deb9u12
M Out-of-bounds Read	<1:2.8+dfsg-6+deb9u11
M Out-of-bounds Write	<1:2.8+dfsg-6+deb9u14
L Reachable Assertion	<1:2.8+dfsg-6+deb9u11
M Out-of-bounds Write	<1:2.8+dfsg-6+deb9u10
L Use After Free	<1:2.8+dfsg-6+deb9u13
L NULL Pointer Dereference	<1:2.8+dfsg-6+deb9u13
M Out-of-bounds Read	<1:2.8+dfsg-6+deb9u10
M Out-of-bounds Write	<1:2.8+dfsg-6+deb9u10
L NULL Pointer Dereference	<1:2.8+dfsg-6+deb9u10
M Out-of-Bounds	<1:2.8+dfsg-6+deb9u10
L Out-of-bounds Write	<1:2.8+dfsg-6+deb9u10
L Out-of-bounds Read	<1:2.8+dfsg-6+deb9u10
M Out-of-bounds Read	<1:2.8+dfsg-6+deb9u11
M Use After Free	<1:2.8+dfsg-6+deb9u10
L Memory Leak	<1:2.8+dfsg-6+deb9u10
M Buffer Overflow	<1:2.8+dfsg-6+deb9u10
M Out-of-bounds Write	<1:2.8+dfsg-6+deb9u11
M Out-of-bounds Write	<1:2.8+dfsg-6+deb9u9
L Improper Check for Unusual or Exceptional Conditions	*
H Use After Free	<1:2.8+dfsg-6+deb9u9
L NULL Pointer Dereference	*
L Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-6+deb9u10
H Out-of-bounds Write	<1:2.8+dfsg-6+deb9u8
H CVE-2019-13164	<1:2.8+dfsg-6+deb9u8
L OS Command Injection	*
L OS Command Injection	*
H NULL Pointer Dereference	<1:2.8+dfsg-6+deb9u6
L Integer Overflow or Wraparound	*
C Out-of-Bounds	<1:2.8+dfsg-6+deb9u8
M Use of Uninitialized Resource	<1:2.8+dfsg-6+deb9u6
L Improper Data Handling	*
M Out-of-bounds Read	<1:2.8+dfsg-6+deb9u6
H Out-of-bounds Write	<1:2.8+dfsg-6+deb9u6
M Time-of-check Time-of-use (TOCTOU)	<1:2.8+dfsg-6+deb9u6
L Integer Overflow or Wraparound	*
M Race Condition	<1:2.8+dfsg-6+deb9u6
M Use After Free	<1:2.8+dfsg-6+deb9u6
M Out-of-bounds Read	<1:2.8+dfsg-6+deb9u6
M Out-of-bounds Read	<1:2.8+dfsg-6+deb9u6
L Integer Overflow or Wraparound	*
H Integer Overflow or Wraparound	<1:2.8+dfsg-6+deb9u6
M Integer Overflow or Wraparound	<1:2.8+dfsg-6+deb9u5
H Out-of-Bounds	<1:2.8+dfsg-6+deb9u5
C Integer Overflow or Wraparound	<1:2.8+dfsg-6+deb9u5
L CVE-2018-15746	*
H Improper Privilege Management	<1.5.0+dfsg-1
H Stack-based Buffer Overflow	<1:2.8+dfsg-3
L Improper Privilege Management	<2.1+dfsg-1
C Out-of-bounds Read	<1:2.8+dfsg-3
L Improper Input Validation	<2.1+dfsg-1
M Loop with Unreachable Exit Condition ('Infinite Loop')	<2.1+dfsg-1
H Improper Input Validation	<2.0.0+dfsg-1
M Loop with Unreachable Exit Condition ('Infinite Loop')	<2.0.0+dfsg-1
M Buffer Overflow	<1:2.4+dfsg-1a
L Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.4+dfsg-2
L Out-of-Bounds	<2.1+dfsg-1
C Out-of-Bounds	<1:2.8+dfsg-4
C Incorrect Permission Assignment for Critical Resource	<1:2.8+dfsg-5
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.4+dfsg-3
M Out-of-bounds Read	<2.1+dfsg-1
H Resource Exhaustion	<1:2.8+dfsg-6+deb9u4
M Integer Overflow or Wraparound	<2.0.0+dfsg-1
L Out-of-bounds Read	<1:2.8+dfsg-3
H Integer Overflow or Wraparound	<1:2.8+dfsg-6+deb9u6
H Out-of-bounds Write	<1:2.8+dfsg-6+deb9u6
H Link Following	<1:2.8+dfsg-3
H Out-of-bounds Read	<1:2.8+dfsg-6+deb9u4
M Integer Overflow or Wraparound	<1:2.8+dfsg-6+deb9u4
M Out-of-bounds Read	<1:2.8+dfsg-4
M Out-of-bounds Read	<1:2.8+dfsg-6+deb9u4
M Use After Free	<2.1+dfsg-1
H Improper Input Validation	<1:2.8+dfsg-6+deb9u4
M Information Exposure	<1:2.8+dfsg-6+deb9u4
M Divide By Zero	<1:2.8+dfsg-6+deb9u4
C Improper Input Validation	<1:2.8+dfsg-6+deb9u4
M NULL Pointer Dereference	<1:2.5+dfsg-1
H Out-of-bounds Write	<1:2.5+dfsg-1
M Out-of-bounds Write	<1:2.8+dfsg-6+deb9u4
H Missing Release of Resource after Effective Lifetime	<1:2.8+dfsg-6+deb9u4
M Race Condition	<1:2.8+dfsg-6+deb9u4
H Integer Overflow or Wraparound	<1:2.8+dfsg-6+deb9u3
H Use After Free	<1:2.8+dfsg-6+deb9u3
M Out-of-bounds Read	<1:2.8+dfsg-6+deb9u3
C Out-of-Bounds	<1:2.8+dfsg-5
M NULL Pointer Dereference	<1:2.8+dfsg-6+deb9u3
M NULL Pointer Dereference	<2.0.0+dfsg-1
M Divide By Zero	<2.0.0+dfsg-1
H Out-of-Bounds	<2.0.0+dfsg-1
H Integer Overflow or Wraparound	<2.0.0+dfsg-1
H CVE-2017-10664	<1:2.8+dfsg-6+deb9u1
M Out-of-bounds Write	<1:2.8+dfsg-6+deb9u2
M Out-of-bounds Read	<1:2.8+dfsg-6+deb9u2
M Out-of-bounds Read	<1:2.8+dfsg-6+deb9u2
H Out-of-Bounds	<1:2.8+dfsg-4
H Improper Input Validation	<1:2.8+dfsg-6+deb9u2
M Information Exposure	<1:2.8+dfsg-6+deb9u1
M Memory Leak	<1:2.8+dfsg-6+deb9u1
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-6+deb9u3
M NULL Pointer Dereference	<1:2.8+dfsg-6+deb9u10
M Memory Leak	<1:2.8+dfsg-6+deb9u1
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-6+deb9u1
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-6+deb9u1
L Memory Leak	*
M Missing Release of Resource after Effective Lifetime	<1:2.8+dfsg-5
H Missing Release of Resource after Effective Lifetime	<1:2.8+dfsg-5
H Incorrect Permission Assignment for Critical Resource	<1:2.8+dfsg-6
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-5
M Missing Release of Resource after Effective Lifetime	<1:2.8+dfsg-5
L Arbitrary Code Injection	*
M Out-of-bounds Read	<1:2.8+dfsg-4
H Memory Leak	<1:2.5+dfsg-3
M Resource Management Errors	<1:2.5+dfsg-1
H Out-of-bounds Write	<1:2.5+dfsg-5
M Missing Release of Resource after Effective Lifetime	<1:2.5+dfsg-3
M Out-of-bounds Write	<1:2.5+dfsg-3
M Divide By Zero	<1:2.5+dfsg-1
H Out-of-bounds Write	<1:2.5+dfsg-1
M Missing Release of Resource after Effective Lifetime	<1:2.8+dfsg-4
M Divide By Zero	<1:2.8+dfsg-1
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-3
H Integer Overflow or Wraparound	<1:2.8+dfsg-3
H Buffer Overflow	<1:2.8+dfsg-3
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-3
L Memory Leak	<1:2.8+dfsg-3
M Out-of-bounds Read	<1:2.8+dfsg-3
M Memory Leak	<1:2.8+dfsg-3
M Integer Overflow or Wraparound	<1:2.8+dfsg-3
L Memory Leak	<1:2.8+dfsg-2
M Memory Leak	<1:2.8+dfsg-2
M Memory Leak	<1:2.8+dfsg-2
L Memory Leak	*
M Memory Leak	<1:2.8+dfsg-3
L Memory Leak	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-4
M Out-of-bounds Read	<1:2.7+dfsg-1
L Out-of-bounds Read	*
M Out-of-Bounds	<1:2.8+dfsg-1
M Memory Leak	<1:2.8+dfsg-1
M CVE-2015-8818	<1:2.4+dfsg-1a
M Information Exposure	<1:2.8+dfsg-1
H Out-of-bounds Read	<1:2.5+dfsg-2
M Out-of-bounds Read	<1:2.4+dfsg-1a
M Memory Leak	<1:2.8+dfsg-1
M NULL Pointer Dereference	<1:2.5+dfsg-4
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.5+dfsg-5
M NULL Pointer Dereference	<1:2.6+dfsg-1
M Off-by-one Error	<1:2.5+dfsg-3
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-1
M Improper Input Validation	<1:2.5+dfsg-1
M Memory Leak	<1:2.8+dfsg-1
M Memory Leak	<1:2.8+dfsg-1
M Reachable Assertion	<1:2.5+dfsg-1
M NULL Pointer Dereference	<1:2.6+dfsg-1
M Missing Release of Resource after Effective Lifetime	<1:2.8+dfsg-1
L Information Exposure	<1:2.8+dfsg-1
M Missing Release of Resource after Effective Lifetime	<1:2.8+dfsg-1
M Use After Free	<1:2.8+dfsg-1
M Divide By Zero	<1:2.8+dfsg-1
M Missing Release of Resource after Effective Lifetime	<1:2.8+dfsg-1
M CVE-2016-6835	<1:2.6+dfsg-3.1
M CVE-2016-7155	<1:2.6+dfsg-3.1
M Missing Release of Resource after Effective Lifetime	<1:2.8+dfsg-1
M Buffer Overflow	<1:2.6+dfsg-3.1
M CVE-2016-4964	<1:2.6+dfsg-2
M Improper Initialization	<1:2.6+dfsg-3.1
M Missing Release of Resource after Effective Lifetime	<1:2.7+dfsg-1
M Excessive Iteration	<1:2.7+dfsg-1
M Buffer Overflow	<1:2.6+dfsg-3.1
M Integer Overflow or Wraparound	<1:2.6+dfsg-3.1
M CVE-2016-7157	<1:2.6+dfsg-3.1
M Incorrect Type Conversion or Cast	<1:2.6+dfsg-3.1
M Directory Traversal	<1:2.6+dfsg-3.1
M Missing Release of Resource after Effective Lifetime	<1:2.8+dfsg-1
M Improper Validation of Array Index	<1:2.8+dfsg-1
M Use After Free	<1:2.6+dfsg-3.1
M Buffer Overflow	<1:2.7+dfsg-1
M Integer Overflow or Wraparound	<1:2.8+dfsg-1
M Missing Release of Resource after Effective Lifetime	<1:2.8+dfsg-1
M Missing Release of Resource after Effective Lifetime	<1:2.8+dfsg-1
M Missing Release of Resource after Effective Lifetime	<1:2.8+dfsg-1
M Information Exposure	<1:2.8+dfsg-1
M Missing Release of Resource after Effective Lifetime	<1:2.8+dfsg-1
M Missing Release of Resource after Effective Lifetime	<1:2.8+dfsg-1
M CVE-2016-8578	<1:2.8+dfsg-1
M Allocation of Resources Without Limits or Throttling	<1:2.8+dfsg-1
M Divide By Zero	<1:2.8+dfsg-4
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-1
M Buffer Overflow	<1:2.8+dfsg-1
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-1
M Divide By Zero	<1:2.8+dfsg-1
M CVE-2016-7423	<1:2.7+dfsg-1
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-1
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.8+dfsg-1
M Improper Input Validation	<1:2.8+dfsg-3
C Out-of-bounds Write	<1:2.7+dfsg-1
M CVE-2016-6351	<1:2.6+dfsg-3.1
M Out-of-bounds Write	<1:2.6+dfsg-2
M Out-of-bounds Read	<1:2.6+dfsg-2
M Out-of-bounds Write	<1:2.6+dfsg-2
M Use of Uninitialized Resource	<1:2.6+dfsg-2
M Resource Exhaustion	<1:2.6+dfsg-3.1
M CVE-2016-2392	<1:2.6+dfsg-1
H Numeric Errors	<1:2.6+dfsg-1
M Improper Input Validation	<1:2.6+dfsg-1
M NULL Pointer Dereference	<1:2.6+dfsg-1
H CVE-2016-5338	<1:2.6+dfsg-2
M CVE-2016-5337	<1:2.6+dfsg-2
M Out-of-bounds Write	<1:2.6+dfsg-3
H Out-of-bounds Write	<1:2.6+dfsg-2
M Out-of-Bounds	<1:2.6+dfsg-3
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.6+dfsg-3
M CVE-2016-4020	<1:2.6+dfsg-2
M Resource Exhaustion	<1:2.6+dfsg-1
H Buffer Overflow	<1:2.6+dfsg-1
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:2.5+dfsg-2
M Out-of-Bounds	<1:2.6+dfsg-2
M Out-of-Bounds	<1:2.6+dfsg-2
M Integer Overflow or Wraparound	<1:2.6+dfsg-1
H Out-of-Bounds	<1:2.6+dfsg-1
C Buffer Overflow	<1:2.6+dfsg-2
H Improper Access Control	<1:2.5+dfsg-2
H Out-of-Bounds	<1:2.6+dfsg-1
H Use After Free	<1:2.5+dfsg-2
M Out-of-bounds Write	<1:2.4+dfsg-1a
H Out-of-Bounds	<1:2.5+dfsg-4
M Insufficient Entropy	<1:2.6+dfsg-1
H Resource Exhaustion	<1:2.3+dfsg-1
C Buffer Overflow	<1:2.5+dfsg-1
M Out-of-Bounds	<1:2.4+dfsg-4
H Divide By Zero	<1:2.4+dfsg-2
H Out-of-Bounds	<1:2.4+dfsg-1a
H Out-of-Bounds	<1:2.4+dfsg-3
H Out-of-Bounds	<1:2.4+dfsg-1a
L Code	<1:2.3+dfsg-5
H Access Restriction Bypass	<1:2.4+dfsg-1a
H Out-of-Bounds	<1:2.4+dfsg-1a
H Information Exposure	<1:2.4+dfsg-1a
H Out-of-bounds Write	<1:2.3+dfsg-6
M Incorrect Authorization	<1:2.3+dfsg-5
M Resource Management Errors	<1:2.3+dfsg-5
H Access Restriction Bypass	<1:2.3+dfsg-5
M Access Restriction Bypass	<1:2.3+dfsg-5
H Out-of-Bounds	<1:2.3+dfsg-3
L Resource Management Errors	<1:2.3+dfsg-1
M Access Restriction Bypass	<1:2.3+dfsg-3
L Improper Input Validation	<2.1+dfsg-8
M Out-of-Bounds	<2.1+dfsg-9
M Off-by-one Error	<2.1+dfsg-5
H Improper Privilege Management	<2.1+dfsg-6
M Improper Input Validation	<2.1+dfsg-7
M NULL Pointer Dereference	<2.1+dfsg-5
L Arbitrary Code Injection	<2.1+dfsg-1
L Out-of-Bounds	<2.1+dfsg-1
L Out-of-Bounds	<2.1+dfsg-1
M Out-of-Bounds	<2.1+dfsg-1
L Out-of-Bounds	<2.1+dfsg-1
L Out-of-Bounds	<2.1+dfsg-1
M Numeric Errors	<2.0.0+dfsg-6
L Out-of-Bounds	<2.1+dfsg-1
L Arbitrary Code Injection	<2.1+dfsg-1
L Out-of-Bounds	<2.1+dfsg-1
L Out-of-Bounds	<2.1+dfsg-1
L Out-of-Bounds	<2.1+dfsg-1
L Out-of-Bounds	<2.1+dfsg-1
L Out-of-Bounds	<2.1+dfsg-1
L Out-of-Bounds	<2.1+dfsg-1
L Out-of-Bounds	<2.1+dfsg-1
H Numeric Errors	<2.0.0+dfsg-6
L Numeric Errors	<2.1+dfsg-1
L Out-of-Bounds	<2.1+dfsg-1
L Out-of-Bounds	<2.1+dfsg-1
L Arbitrary Code Injection	<2.1+dfsg-1
H Out-of-Bounds	<2.1+dfsg-1
M Information Exposure	<2.1+dfsg-5
M Out-of-Bounds	<2.1+dfsg-1
M Improper Input Validation	<2.0.0+dfsg-1
H Numeric Errors	<2.0.0+dfsg-1
M Numeric Errors	<1.7.0+dfsg-8
H Out-of-Bounds	<0.15.1+dfsg-2
L Resource Management Errors	<1.7.0+dfsg-1
L Resource Management Errors	<1.7.0+dfsg-4
L Buffer Overflow	<1.6.0+dfsg-2
L Access Restriction Bypass	<1.5.0+dfsg-1
H Buffer Overflow	<1.1.2+dfsg-4
H Improper Input Validation	<1.1.2+dfsg-1
M CVE-2012-2652	<1.1.0+dfsg-1
M Resource Management Errors	<0.11.0-1
L Out-of-Bounds	<0.9.1+svn20081101-1
L Numeric Errors	<0.9.1-10
M Resource Management Errors	<0.9.1-9
L Link Following	<0.9.1-6
L CVE-2008-1945	<0.9.1-5
M Information Exposure	<0.9.1-5
L Access Restriction Bypass	<0.9.1+svn20081207-1
H CVE-2007-1321	<0.9.0-2
H Out-of-bounds Write	<0.9.0-2
H Out-of-Bounds	<0.9.0-2
H Out-of-bounds Write	<0.9.0-2
M CVE-2007-1322	<0.9.0-2
M CVE-2007-1366	<0.9.0-2