CVE-2007-1320
qemu - several vulnerabilities
EPSS 0.05%
Description
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
How to fix CVE-2007-1320
To remediate CVE-2007-1320, upgrade the affected package to a fixed version below.
- Debian/kvm—upgrade to 60+dfsg-1+lenny1 or later
- Debian/qemu—upgrade to 0.9.0-2 or later
- —upgrade to 0.6.1+20050407-1sarge1 or later
- —upgrade to 0.8.2-5lenny1 or later
- —upgrade to 3.0.3-0-3 or later
Is CVE-2007-1320 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- from 0, < 60+dfsg-1+lenny1
- from 0, < 0.9.0-2
- from 0, < 0.6.1+20050407-1sarge1
- from 0, < 0.8.2-5lenny1
- from 0, < 3.0.3-0-3