CVE-2017-5957

MEDIUM

Virglrenderer < 0.6.0 - Out-of-Bounds Write

Title source: rule

Description

Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument.

References (5)

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2017/02/13/3

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96215

[Issue Tracking, Patch, Third Party Advisory, VDB Entry] https://bugzilla.redhat.com/show_bug.cgi?id=1421126

[Patch, Third Party Advisory] https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f

[Third Party Advisory] https://security.gentoo.org/glsa/201707-06

Scores

CVSS v3 5.5

EPSS 0.0008

EPSS Percentile 24.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-787

Status published

Affected Products (2)

virglrenderer_project/virglrenderer < 0.6.0

n/a/n/a

Timeline

Published Mar 14, 2017

Tracked Since Feb 18, 2026