CVE-2015-8504

moderate-risk
Published 2017-04-11

Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.

Do I need to act?

~
2.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (6)

Affected Vendors

Debian Qemu

References (16)

http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=4c65fed8bdf96780735db...
Third Party Advisory http://www.debian.org/security/2016/dsa-3469
Third Party Advisory http://www.debian.org/security/2016/dsa-3470
Third Party Advisory http://www.debian.org/security/2016/dsa-3471
Mailing List http://www.openwall.com/lists/oss-security/2015/12/08/7
Third Party Advisory http://www.securityfocus.com/bid/78708
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1289541
Third Party Advisory https://security.gentoo.org/glsa/201602-01
http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=4c65fed8bdf96780735db...
Third Party Advisory http://www.debian.org/security/2016/dsa-3469
Third Party Advisory http://www.debian.org/security/2016/dsa-3470
Third Party Advisory http://www.debian.org/security/2016/dsa-3471
Mailing List http://www.openwall.com/lists/oss-security/2015/12/08/7
Third Party Advisory http://www.securityfocus.com/bid/78708
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1289541
Third Party Advisory https://security.gentoo.org/glsa/201602-01
43
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 6/34 · Minimal
Exposure 13/34 · Low