Description

Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.

References

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html

http://osvdb.org/35494

http://secunia.com/advisories/25073

http://secunia.com/advisories/25095

http://secunia.com/advisories/27047

http://secunia.com/advisories/27085

http://secunia.com/advisories/27103

http://secunia.com/advisories/27486

http://secunia.com/advisories/29129

http://secunia.com/advisories/30413

http://secunia.com/advisories/33568

http://taviso.decsystem.org/virtsec.pdf

http://www.debian.org/security/2007/dsa-1284

http://www.debian.org/security/2007/dsa-1384

http://www.mandriva.com/security/advisories?name=MDKSA-2007:203

http://www.mandriva.com/security/advisories?name=MDVSA-2008:162

http://www.redhat.com/support/errata/RHSA-2007-0323.html

http://www.securityfocus.com/bid/23731

http://www.vupen.com/english/advisories/2007/1597

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10315

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00706.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00935.html

Details

Risk Information

CVSS v2