A flaw was found in the QEMU built-in VNC server while processing
ClientCutText messages. The qemu_clipboard_request() function can be
reached before vnc_server_cut_text_caps() has been called and has had the
chance to initialize the clipboard peer, leading to a NULL pointer
dereference. This could allow a malicious authenticated VNC client to crash
QEMU and trigger a denial of service.
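The flaw is an initialization-order problem: a message handler that assumes a peer object exists is reachable before the handshake that creates it. The following added example (not QEMU code; the struct and function names are hypothetical) models that state machine and shows the guard a handler needs so an out-of-order ClientCutText is dropped instead of dereferencing NULL.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical model of a VNC server's clipboard state (not QEMU's code). */
typedef struct {
    char data[256];
    size_t len;
} clipboard_peer_t;

typedef struct {
    clipboard_peer_t *peer;     /* NULL until the capability handshake runs */
    clipboard_peer_t storage;   /* backing store the handshake wires up */
    int caps_received;
} vnc_state_t;

enum { CUT_TEXT_OK = 0, CUT_TEXT_NO_PEER = -1, CUT_TEXT_TOO_LONG = -2 };

/* Fresh connection: no peer yet, so any cut-text message is premature. */
void vnc_init(vnc_state_t *s) {
    memset(s, 0, sizeof(*s));
}

/* Models the caps handshake: this is the only place the peer is created. */
void vnc_handle_cut_text_caps(vnc_state_t *s) {
    s->peer = &s->storage;
    s->caps_received = 1;
}

/* Hardened handler: refuse ClientCutText until the peer exists, then
 * bounds-check before copying. Without the NULL check this is the crash. */
int vnc_handle_client_cut_text(vnc_state_t *s, const char *text, size_t len) {
    if (s->peer == NULL) {
        return CUT_TEXT_NO_PEER;   /* arrived before caps: drop, don't deref */
    }
    if (len >= sizeof(s->peer->data)) {
        return CUT_TEXT_TOO_LONG;
    }
    memcpy(s->peer->data, text, len);
    s->peer->data[len] = '\0';
    s->peer->len = len;
    return CUT_TEXT_OK;
}

/* Constructed scenario: cut-text sent before the caps message. */
int cut_text_before_caps(void) {
    vnc_state_t s;
    vnc_init(&s);
    return vnc_handle_client_cut_text(&s, "hello", 5);
}

/* Constructed scenario: the normal order, caps first, then cut-text. */
int cut_text_after_caps(void) {
    vnc_state_t s;
    vnc_init(&s);
    vnc_handle_cut_text_caps(&s);
    return vnc_handle_client_cut_text(&s, "hello", 5);
}

int main(void) {
    printf("before caps: %d (expect %d)\n", cut_text_before_caps(), CUT_TEXT_NO_PEER);
    printf("after caps:  %d (expect %d)\n", cut_text_after_caps(), CUT_TEXT_OK);
    return 0;
}
```

The same shape applies to any protocol handler that depends on state created by an earlier message: either the dispatcher rejects the message type until the prerequisite state exists, or the handler itself checks for it, as here.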
| Author | Note |
|---|---|
| mdeslaur | as of 2024-04-15, the patch has not been committed upstream |