FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-1320

This CVE name corresponds to:

Entered Topic
2007-05-01 qemu -- several vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-1320 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-1320
Phase Assigned(20070307)

Description

Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.

References

Source Reference
MISC http://taviso.decsystem.org/virtsec.pdf
DEBIAN DSA-1284
DEBIAN DSA-1384
FEDORA FEDORA-2007-713
FEDORA FEDORA-2008-4386
FEDORA FEDORA-2008-4604
MANDRIVA MDKSA-2007:203
MANDRIVA MDVSA-2008:162
REDHAT RHSA-2007:0323
SUSE SUSE-SR:2009:002
BID 23731
OSVDB 35494
OVAL oval:org.mitre.oval:def:10315
VUPEN ADV-2007-1597
SECUNIA 25073
SECUNIA 25095
SECUNIA 27085
SECUNIA 27103
SECUNIA 27486
SECUNIA 27047
SECUNIA 30413
SECUNIA 29129
SECUNIA 33568

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.