CVE-2014-0223

Published: 13 May 2014

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.

Priority

Status

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	Upstream	Needed





	Ubuntu 14.04 ESM (Trusty Tahr)	Released (2.0.0+dfsg-2ubuntu1.3)
	Patches: Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=46485de0cb357b57373e1ca895adedf1f3ed46ec
qemu-kvm Launchpad, Ubuntu, Debian	Upstream	Needed





	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0223
https://usn.ubuntu.com/usn/usn-2342-1
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

CVE-2014-0223

Medium

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading