'CVE-2014-0223' has been assigned to this issue.
A huge image size could cause s->l1_size to overflow. Make sure that images never require a L1 table larger than what fits in s->l1_size.
This cannot only cause unbounded allocations, but also the allocation of a too small L1 table, resulting in out-of-bounds array accesses (both reads and writes).
Prasad J Pandit / Red Hat Security Response Team