CVE-2016-7170

Description

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.

Risk Information

Base Score

4.4

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS Score

Exploitation Probability

0.075

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities affected in QEMU 2.5.0	Windows
Multiple Vulnerabilities are affected in QEMU 2.5.0	Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234