CVE-2008-1945 Affecting qemu package, versions <0.9.1-5


Severity

Recommended
0.0
medium
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.07% (31st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN8-QEMU-427825
  • published8 Aug 2008
  • disclosed8 Aug 2008

Introduced: 8 Aug 2008

CVE-2008-1945  (opens in a new tab)

How to fix?

Upgrade Debian:8 qemu to version 0.9.1-5 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream qemu package and not the qemu package as distributed by Debian. See How to fix? for Debian:8 relevant fixed versions and status.

QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.

CVSS Scores

version 3.1