Signature Detail

APP: QEMU vnc set_pixel_format bits_per_pixel Null Pointer Dereference

A null pointer dereference vulnerability has been found in QEMU. The vulnerability is due to insufficient checking of an initialized buffer. A remote attacker could exploit this vulnerability by setting bits_per_pixel to a value that is less than 8. Successful exploitation could lead to a denial of service condition on the guest VM.

Extended Description

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

Affected Products

• Canonical ubuntu_linux 10.04
• Canonical ubuntu_linux 12.04
• Canonical ubuntu_linux 14.04
• Canonical ubuntu_linux 14.10
• Debian debian_linux 7.0
• Qemu qemu 2.1.3
• Redhat enterprise_linux_desktop 7.0
• Redhat enterprise_linux_eus 7.3
• Redhat enterprise_linux_eus 7.4
• Redhat enterprise_linux_eus 7.5
• Redhat enterprise_linux_eus 7.6
• Redhat enterprise_linux_eus 7.7
• Redhat enterprise_linux_server 7.0
• Redhat enterprise_linux_server_aus 7.3
• Redhat enterprise_linux_server_aus 7.4
• Redhat enterprise_linux_server_aus 7.6
• Redhat enterprise_linux_server_aus 7.7
• Redhat enterprise_linux_workstation 7.0
• Redhat virtualization 3.0
• Suse linux_enterprise_desktop 12
• Suse linux_enterprise_server 12

References

• BugTraq: 70998
• CVE: CVE-2014-7815