Launchpad.net

CVE 2014-0223

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.

Related bugs and status

CVE-2014-0223 (Candidate) is related to these bugs:

Bug #1322204: image format input validation fixes tracking bug

		In	Importance	Status
1322204	image format input validation fixes tracking bug	qemu (Ubuntu)	Undecided	Fix Released
1322204	image format input validation fixes tracking bug	qemu (Ubuntu Utopic)	Undecided	Fix Released
1322204	image format input validation fixes tracking bug	qemu (Ubuntu Saucy)	Undecided	Won't Fix
1322204	image format input validation fixes tracking bug	qemu (Ubuntu Trusty)	Undecided	Fix Released
1322204	image format input validation fixes tracking bug	qemu (Ubuntu Lucid)	Undecided	Invalid
1322204	image format input validation fixes tracking bug	qemu (Ubuntu Precise)	Undecided	Invalid
1322204	image format input validation fixes tracking bug	qemu-kvm (Ubuntu)	Undecided	Invalid
1322204	image format input validation fixes tracking bug	qemu-kvm (Ubuntu Lucid)	Undecided	Fix Released
1322204	image format input validation fixes tracking bug	qemu-kvm (Ubuntu Precise)	Undecided	Fix Released
1322204	image format input validation fixes tracking bug	qemu-kvm (Ubuntu Saucy)	Undecided	Invalid
1322204	image format input validation fixes tracking bug	qemu-kvm (Ubuntu Trusty)	Undecided	Invalid
1322204	image format input validation fixes tracking bug	qemu-kvm (Ubuntu Utopic)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-0223

Related bugs and status

Related bugs

References