CVE-2014-7815

Loading...

General

Score:5.0/10.0
Severity:Medium
Category:Access Control Error

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2010-0431, CVE-2010-2784, CVE-2011-0011, CVE-2011-1750, CVE-2011-1751, CVE-2011-2212, CVE-2011-2527, CVE-2011-4111, CVE-2011-4127, CVE-2012-0029, CVE-2012-2652, CVE-2012-3515, CVE-2012-6075, CVE-2013-2007, CVE-2013-2231, CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4344, CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0150, CVE-2014-0182, CVE-2014-0222, CVE-2014-0223, CVE-2014-2894, CVE-2014-3461, CVE-2014-3615, CVE-2014-3640, CVE-2014-3689, CVE-2014-5263, CVE-2014-5388, CVE-2014-7840, CVE-2014-8106, CVE-2014-9718, CVE-2015-1779, CVE-2015-3209, CVE-2015-3456, CVE-2015-5154, CVE-2015-5165, CVE-2015-5278, CVE-2015-5279, CVE-2015-6815, CVE-2015-6855, CVE-2015-7512, CVE-2015-7549, CVE-2015-8345, CVE-2015-8504, CVE-2015-8550, CVE-2015-8554, CVE-2015-8555, CVE-2015-8558, CVE-2015-8567, CVE-2015-8568, CVE-2015-8613, CVE-2015-8619, CVE-2015-8743, CVE-2015-8744, CVE-2015-8745, CVE-2015-8817, CVE-2015-8818, CVE-2016-1568, CVE-2016-1570, CVE-2016-1571, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981, CVE-2016-2198, CVE-2016-2270, CVE-2016-2271, CVE-2016-2391, CVE-2016-2392, CVE-2016-2538, CVE-2016-2841, CVE-2016-2857, CVE-2016-3710, CVE-2016-3712, CVE-2016-4453, CVE-2016-4454, CVE-2016-5105, CVE-2016-5106, CVE-2016-5107, CVE-2016-5126, CVE-2016-5238, CVE-2016-5337, CVE-2016-5338, CVE-2016-5403, CVE-2016-6490, CVE-2016-7116, CVE-2017-2615, CVE-2017-2620

Published on 14/11/14 - Updated on 28/12/17

Description

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

Category: Access Control Error

CWE-264 (Permissions, Privileges, and Access Control)
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Security Notices

US National Vulnerability DatabaseCVE-2014-7815
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2015-AVI-161
CentOS CESA-2015:0349
Debian DSA-3066-1, DSA-3067-1
Oracle Linux ELSA-2015-0349, ELSA-2017-0621
Redhat RHSA-2015:0349
SUSE SUSE-SU-2015:1782, SUSE-SU-2016:0873, SUSE-SU-2016:0955, SUSE-SU-2016:1154, SUSE-SU-2016:1318, SUSE-SU-2016:1445, SUSE-SU-2016:1745, SUSE-SU-2016:2628
Ubuntu USN-2409-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
canonicalubuntu_linux
debiandebian_linux
qemuqemu
redhatenterprise_linux_desktop
redhatenterprise_linux_hpc_node
redhatenterprise_linux_server
redhatenterprise_linux_workstation

Share this vulnerability with:

Twitter Facebook LinkedIn Mail