CVE-2014-7815 - OpenCVE

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Qemu	Qemu
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Workstation Virtualization
Suse	Linux Enterprise Desktop Linux Enterprise Server

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 4 [-]

AND

cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*

Configuration 6 [-]

OR	cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_server:12:-::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
qemu-kvm-10:1.5.3-86.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:0349	2015-03-05T00:00:00Z
RHEV 3.X Hypervisor and Agents for RHEL-7
qemu-kvm-rhev-10:2.1.2-23.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2015:0624	2015-03-05T00:00:00Z

References

Link	Providers
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e6908bfe8e07f2b452e78e677da1b45b1c0f6829
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
http://rhn.redhat.com/errata/RHSA-2015-0349.html
http://rhn.redhat.com/errata/RHSA-2015-0624.html
http://secunia.com/advisories/61484
http://secunia.com/advisories/62143
http://secunia.com/advisories/62144
http://support.citrix.com/article/CTX200892
http://www.debian.org/security/2014/dsa-3066
http://www.debian.org/security/2014/dsa-3067
http://www.ubuntu.com/usn/USN-2409-1
https://bugzilla.redhat.com/show_bug.cgi?id=1157641
https://nvd.nist.gov/vuln/detail/CVE-2014-7815
https://www.cve.org/CVERecord?id=CVE-2014-7815

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-11-14T15:00:00

Updated: 2024-08-06T13:03:27.297Z

Reserved: 2014-10-03T00:00:00

Link: CVE-2014-7815

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-11-14T15:59:01.497

Modified: 2023-02-13T00:42:21.433

Link: CVE-2014-7815

Redhat

Severity : Moderate

Publid Date: 2014-10-27T00:00:00Z

Links: CVE-2014-7815 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object