CVE-2008-4539

🗓️ 29 Dec 2008 15:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 101 Views

CVE-2008-4539 Heap-based buffer overflow in Cirrus VGA implementation in KVM and QEMU on Debian/Ubuntu, allows local users to gain privileges via VNC console connection, aka LGD-54XX "bitblt" heap overflow

Reporter	Title	Published	Views	Family All 53
FreeBSD	qemu -- Heap overflow in Cirrus emulation	1 Nov 200800:00	–	freebsd
ATTACKERKB	CVE-2008-4539	29 Dec 200815:24	–	attackerkb
Cvelist	CVE-2008-4539	29 Dec 200815:00	–	cvelist
Debian	[SECURITY] [DSA 1799-1] New qemu packages fix several vulnerabilities	11 May 200921:13	–	debian
Debian CVE	CVE-2008-4539	29 Dec 200815:00	–	debiancve
Tenable Nessus	Debian DSA-1799-1 : qemu - several vulnerabilities	13 May 200900:00	–	nessus
Tenable Nessus	Fedora 10 2008-10000	23 Apr 200900:00	–	nessus
Tenable Nessus	Fedora 10 : kvm-74-6.fc10 (2008-10083)	24 Sep 201200:00	–	nessus
Tenable Nessus	Fedora 9 : kvm-65-15.fc9 (2008-11705)	26 Dec 200800:00	–	nessus
Tenable Nessus	Fedora 10 : kvm-74-10.fc10 (2008-11727)	23 Apr 200900:00	–	nessus

NVD

Node

kvm_qumranet kvmRange≤81

qemu qemuRange<0.10.0

AND

canonical ubuntu_linuxMatch-

debian debian_linuxMatch-

Node

canonical ubuntu_linuxMatch8.04-

canonical ubuntu_linuxMatch8.10

Node

debian debian_linuxMatch4.0

debian debian_linuxMatch5.0

Source	Link
launchpad	www.launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
secunia	www.secunia.com/advisories/25073
svn	www.svn.savannah.gnu.org/viewvc/
debian	www.debian.org/security/2009/dsa-1799
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/47736
mail-archive	www.mail-archive.com/cvs-all%40freebsd.org/msg129730.html
secunia	www.secunia.com/advisories/29129
redhat	www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html

23 Apr 2026 00:35Current

8.1High risk

Vulners AI Score8.1

CVSS 27.2

EPSS0.00048

CWE-119