NULL Pointer Dereference Affecting qemu package, versions <2.0.0+dfsg-1


0.0
medium

Snyk CVSS

    Attack Complexity Low
    User Interaction Required
    Availability High

    Threat Intelligence

    EPSS 0.08% (34th percentile)
Expand this section
NVD
5.5 medium
Expand this section
Red Hat
5.1 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-DEBIAN11-QEMU-526606
  • published 10 Aug 2017
  • disclosed 10 Aug 2017

How to fix?

Upgrade Debian:11 qemu to version 2.0.0+dfsg-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream qemu package and not the qemu package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.

The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.