CVE-2007-1320
HIGH severity · CVSS 7.2 · Out-of-bounds write
Summary
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
Impact & exploitability
Attack vector: Local
Attack complexity: Low
Privileges required: —
User interaction: —
Confidentiality impact: —
Integrity impact: —
Availability impact: —
Exploit probability (EPSS): 0%
AV:L/AC:L/Au:N/C:C/I:C/A:C
Recommendation
Apply the vendor fix promptly.
Additional information
- NVD record
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html (Advisory)
- http://osvdb.org/35494
- http://secunia.com/advisories/25073 (Advisory)
- http://secunia.com/advisories/25095 (Advisory)
- http://secunia.com/advisories/27047 (Advisory)
- http://secunia.com/advisories/27085 (Advisory)
- http://secunia.com/advisories/27103 (Advisory)
- http://secunia.com/advisories/27486 (Advisory)