FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qemu -- denial of service vulnerability in VNC

Affected packages
qemu < 2.1.0
qemu-devel < 2.1.0
qemu-sbruno < 2.2.50.g20141230
qemu-user-static < 2.2.50.g20141230


VuXML ID 8a560bcf-b14b-11e5-9728-002590263bf5
Discovery 2014-06-30
Entry 2016-01-02

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the VNC display driver is vulnerable to an infinite loop issue. It could occur while processing a CLIENT_CUT_TEXT message with specially crafted payload message.

A privileged guest user could use this flaw to crash the Qemu process on the host, resulting in DoS.


CVE Name CVE-2015-5239