A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-07-27T21:00:00

Updated: 2024-08-06T02:59:02.448Z

Reserved: 2016-11-23T00:00:00

Link: CVE-2016-9603

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-07-27T21:29:00.290

Modified: 2023-11-07T02:37:15.190

Link: CVE-2016-9603

cve-icon Redhat

Severity : Important

Publid Date: 2017-03-14T00:00:00Z

Links: CVE-2016-9603 - Bugzilla