CVE-2008-1945 Affecting qemu package, versions <0.9.1-5


low

Snyk CVSS

    Attack Complexity Low

    Threat Intelligence

    EPSS 0.06% (24th percentile)
Expand this section
NVD
4 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-DEBIAN11-QEMU-529116
  • published 8 Aug 2008
  • disclosed 8 Aug 2008

How to fix?

Upgrade Debian:11 qemu to version 0.9.1-5 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream qemu package and not the qemu package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.

QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.