CVE-2007-1320
QEMU 0.8.2 - Heap-Based Buffer Overflow in Cirrus VGA Extension
Title source: llmDescription
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
References (23)
Core 23
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23731
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:203
Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00706.html
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10315
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/35494
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27047
Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00935.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2007/dsa-1284
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25073
Technical Description, Third Party Advisory x_refsource_misc
http://taviso.decsystem.org/virtsec.pdf
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27486
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27085
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30413
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33568
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1597
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27103
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29129
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0323.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25095
Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2007/dsa-1384
Scores
EPSS
0.0005
EPSS Percentile
16.7%
Details
CWE
CWE-787
Status
published
Products (8)
debian/debian_linux
3.1
debian/debian_linux
4.0
fedoraproject/fedora
8
fedoraproject/fedora
9
fedoraproject/fedora_core
6
opensuse/opensuse
11.0
opensuse/opensuse
11.1
qemu/qemu
0.8.2
Published
May 02, 2007
Tracked Since
Feb 18, 2026