SUSE CVE-2019-20808

In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the aticursordefine routine while handling MMIO write operations through the atimmwrite callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : QEMU vulnerabilities (USN-4650-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4650-1 advisory. Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this...

USN-4650-1: QEMU vulnerabilities

Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvir...

DEBIAN-CVE-2020-13800

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mmindex value during an atimmread or atimmwrite call...

Integer overflow

Integer overflow in cdd.dll in the Canonical Display Driver CDD in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service reboot or possibly execute arbitrary code via a crafted...

CVE-2009-3678

CVE-2009-3678 describes an unauthenticated remote code-execution vulnerability in the Canonical Display Driver (cdd.dll) for 64-bit Windows 7/Windows Server 2008 R2 when the Windows Aero theme is enabled. The root cause is improper parsing of data copied from user-mode to kernel-mode in the Canon...