Skip to main content

Improper Input Validation

CVE-2014-0144

Severity High
Score 8.6/10

Summary

QEMU prior to v2.0.0-rc1, block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.

  • LOW
  • LOCAL
  • HIGH
  • CHANGED
  • REQUIRED
  • NONE
  • HIGH
  • HIGH

CWE-20 - Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Advisory Timeline

  • Published