CVE-2014-0222

Published: 13 May 2014

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.

Priority

Status

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	Upstream	Needed





	Ubuntu 14.04 ESM (Trusty Tahr)	Released (2.0.0+dfsg-2ubuntu1.3)
	Patches: Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=42eb58179b3b215bb507da3262b682b8a2ec10b5
qemu-kvm Launchpad, Ubuntu, Debian	Upstream	Needed





	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222
https://ubuntu.com/security/notices/USN-2342-1
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2014-0222

Medium

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading