CVE-2014-0146

Published: 26 March 2014

The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	Upstream	Released (1.7.2, 2.0)






	Ubuntu 14.04 ESM (Trusty Tahr)	Not vulnerable (2.0.0~rc1+dfsg-0ubuntu3)
	Patches: Other: https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=11b128f4062dd7f89b14abc8877ff20d41b28be9
qemu-kvm Launchpad, Ubuntu, Debian	Upstream	Needs triage






	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
	Patches: Other: https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742730

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM