Launchpad.net

CVE 2013-4539

Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image.

Related bugs and status

CVE-2013-4539 (Candidate) is related to these bugs:

Bug #1322204: image format input validation fixes tracking bug

		In	Importance	Status
1322204	image format input validation fixes tracking bug	qemu (Ubuntu)	Undecided	Fix Released
1322204	image format input validation fixes tracking bug	qemu (Ubuntu Utopic)	Undecided	Fix Released
1322204	image format input validation fixes tracking bug	qemu (Ubuntu Saucy)	Undecided	Won't Fix
1322204	image format input validation fixes tracking bug	qemu (Ubuntu Trusty)	Undecided	Fix Released
1322204	image format input validation fixes tracking bug	qemu (Ubuntu Lucid)	Undecided	Invalid
1322204	image format input validation fixes tracking bug	qemu (Ubuntu Precise)	Undecided	Invalid
1322204	image format input validation fixes tracking bug	qemu-kvm (Ubuntu)	Undecided	Invalid
1322204	image format input validation fixes tracking bug	qemu-kvm (Ubuntu Lucid)	Undecided	Fix Released
1322204	image format input validation fixes tracking bug	qemu-kvm (Ubuntu Precise)	Undecided	Fix Released
1322204	image format input validation fixes tracking bug	qemu-kvm (Ubuntu Saucy)	Undecided	Invalid
1322204	image format input validation fixes tracking bug	qemu-kvm (Ubuntu Trusty)	Undecided	Invalid
1322204	image format input validation fixes tracking bug	qemu-kvm (Ubuntu Utopic)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-4539

Related bugs and status

Related bugs

References