Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.7 views

PT-2026-20315

Name of the Vulnerable Software and Affected Versions OpenStack Nova affected versions not specified Description The software calls qemu-img without format restrictions when resizing images. A malicious QCOW header could potentially convince Nova's flat image backend to execute an unsafe image...

8.2CVSS5.6AI score0.00341EPSS
Exploits0References19
OSV
OSV
added 2024/09/04 4:4 p.m.5 views

USN-6989-1 ironic vulnerability

Dan Smith, Julia Kreger and Jay Faulkner discovered that in image processing for Ironic, a specially crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

4.3CVSS5.8AI score0.00545EPSS
Exploits0References2
OSV
OSV
added 2024/09/04 12:0 a.m.5 views

UBUNTU-CVE-2024-44082

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

4.3CVSS5.8AI score0.00545EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/07/23 1:19 p.m.5 views

qemu-kvm: 'qemu-img info' leads to host file read/write

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

7.8CVSS7.1AI score0.00333EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/07/02 7:42 p.m.21 views

qemu-kvm: 'qemu-img info' leads to host file read/write

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

7.8CVSS7.1AI score0.00333EPSS
Exploits0References4
OSV
OSV
added 2024/07/02 4:15 p.m.6 views

AZL-60091 CVE-2024-4467 affecting package qemu for versions less than 6.2.0-24

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

7.8CVSS7.1AI score0.00333EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2024/06/26 1:32 p.m.5 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the QEMU disk image utility’s ‘info’ command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, resulting in denial of service or issues with...

7.8CVSS7.2AI score0.00333EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2018/09/04 12:0 a.m.5 views

vdsm: calls to qemu-img are not protected by prlimit/ulimit

It was found that vdsm would invoke qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact...

7.1CVSS5.8AI score0.01185EPSS
Exploits0References5
Rows per page
Query Builder