CVE-2011-4111

Published: 28 November 2011

Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message.

Priority

Medium

Status

Package                                Release    Status
qemu-kvm (Launchpad, Ubuntu, Debian)   Upstream   Pending (1.0-rc4)

Notes

Author     Note
jdstrand   introduced in commit edbb2136 and released in 0.15
           verified code not present in 11.10 and lower
