What is the severity of CVE-2014-0223?

CVE-2014-0223 has a moderate severity level due to its potential to cause denial of service and possible arbitrary code execution.

How do I fix CVE-2014-0223?

To fix CVE-2014-0223, upgrade to QEMU version 1.7.2 or later.

What systems are affected by CVE-2014-0223?

CVE-2014-0223 affects various versions of QEMU prior to 1.7.2 and SUSE Linux Enterprise Server 11.0 SP1.

What type of vulnerability is CVE-2014-0223?

CVE-2014-0223 is classified as an integer overflow vulnerability that can lead to buffer overflow issues.

Can CVE-2014-0223 be exploited remotely?

CVE-2014-0223 is primarily a local vulnerability, requiring local user access for exploitation.

Vulnerability/
CVE-2014-0223

medium

4.6

CWE

189 119 190

4/11/2014

6/8/2024

CVE-2014-0223: Buffer Overflow

First published: Tue Nov 04 2014(Updated: )

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
SUSE Linux Enterprise Server	=11.0-sp1
QEMU	<=1.7.1
QEMU	=0.1.0
QEMU	=0.1.1
QEMU	=0.1.2
QEMU	=0.1.3
QEMU	=0.1.4
QEMU	=0.1.5
QEMU	=0.1.6
QEMU	=0.2.0
QEMU	=0.3.0
QEMU	=0.4.0
QEMU	=0.4.1
QEMU	=0.4.2
QEMU	=0.4.3
QEMU	=0.5.0
QEMU	=0.5.1
QEMU	=0.5.2
QEMU	=0.5.3
QEMU	=0.5.4
QEMU	=0.5.5
QEMU	=0.6.0
QEMU	=0.6.1
QEMU	=0.7.0
QEMU	=0.7.1
QEMU	=0.7.2
QEMU	=0.8.0
QEMU	=0.8.1
QEMU	=0.8.2
QEMU	=0.9.0
QEMU	=0.9.1
QEMU	=0.9.1-5
QEMU	=0.10.0
QEMU	=0.10.1
QEMU	=0.10.2
QEMU	=0.10.3
QEMU	=0.10.4
QEMU	=0.10.5
QEMU	=0.10.6
QEMU	=0.11.0
QEMU	=0.11.0-rc0
QEMU	=0.11.0-rc1
QEMU	=0.11.0-rc2
QEMU	=0.11.0-rc0
QEMU	=0.11.0-rc1
QEMU	=0.11.0-rc2
QEMU	=0.11.1
QEMU	=0.12.0
QEMU	=0.12.0-rc1
QEMU	=0.12.0-rc2
QEMU	=0.12.1
QEMU	=0.12.2
QEMU	=0.12.3
QEMU	=0.12.4
QEMU	=0.12.5
QEMU	=0.13.0
QEMU	=0.13.0-rc0
QEMU	=0.13.0-rc1
QEMU	=0.14.0
QEMU	=0.14.0-rc0
QEMU	=0.14.0-rc1
QEMU	=0.14.0-rc2
QEMU	=0.14.1
QEMU	=0.15.0-rc1
QEMU	=0.15.0-rc2
QEMU	=0.15.1
QEMU	=0.15.2
QEMU	=1.0
QEMU	=1.0-rc1
QEMU	=1.0-rc2
QEMU	=1.0-rc3
QEMU	=1.0-rc4
QEMU	=1.0.1
QEMU	=1.1
QEMU	=1.1-rc1
QEMU	=1.1-rc2
QEMU	=1.1-rc3
QEMU	=1.1-rc4
QEMU	=1.4.1
QEMU	=1.4.2
QEMU	=1.5.0
QEMU	=1.5.0-rc1
QEMU	=1.5.0-rc2
QEMU	=1.5.0-rc3
QEMU	=1.5.1
QEMU	=1.5.2
QEMU	=1.5.3
QEMU	=1.6.0
QEMU	=1.6.0-rc1
QEMU	=1.6.0-rc2
QEMU	=1.6.0-rc3
QEMU	=1.6.1
QEMU	=1.6.2

Remedy

http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-0223?
CVE-2014-0223 has a moderate severity level due to its potential to cause denial of service and possible arbitrary code execution.
How do I fix CVE-2014-0223?
To fix CVE-2014-0223, upgrade to QEMU version 1.7.2 or later.
What systems are affected by CVE-2014-0223?
CVE-2014-0223 affects various versions of QEMU prior to 1.7.2 and SUSE Linux Enterprise Server 11.0 SP1.
What type of vulnerability is CVE-2014-0223?
CVE-2014-0223 is classified as an integer overflow vulnerability that can lead to buffer overflow issues.
Can CVE-2014-0223 be exploited remotely?
CVE-2014-0223 is primarily a local vulnerability, requiring local user access for exploitation.

agent/references
agent/type
agent/remedy
agent/author
agent/severity
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/suse
canonical/suse linux enterprise server
version/suse linux enterprise server/11.0-sp1
vendor/qemu
canonical/qemu
version/qemu/1.7.1
version/qemu/0.1.0
version/qemu/0.1.1
version/qemu/0.1.2
version/qemu/0.1.3
version/qemu/0.1.4
version/qemu/0.1.5
version/qemu/0.1.6
version/qemu/0.2.0
version/qemu/0.3.0
version/qemu/0.4.0
version/qemu/0.4.1
version/qemu/0.4.2
version/qemu/0.4.3
version/qemu/0.5.0
version/qemu/0.5.1
version/qemu/0.5.2
version/qemu/0.5.3
version/qemu/0.5.4
version/qemu/0.5.5
version/qemu/0.6.0
version/qemu/0.6.1
version/qemu/0.7.0
version/qemu/0.7.1
version/qemu/0.7.2
version/qemu/0.8.0
version/qemu/0.8.1
version/qemu/0.8.2
version/qemu/0.9.0
version/qemu/0.9.1
version/qemu/0.9.1-5
version/qemu/0.10.0
version/qemu/0.10.1
version/qemu/0.10.2
version/qemu/0.10.3
version/qemu/0.10.4
version/qemu/0.10.5
version/qemu/0.10.6
version/qemu/0.11.0
version/qemu/0.11.0-rc0
version/qemu/0.11.0-rc1
version/qemu/0.11.0-rc2
version/qemu/0.11.1
version/qemu/0.12.0
version/qemu/0.12.0-rc1
version/qemu/0.12.0-rc2
version/qemu/0.12.1
version/qemu/0.12.2
version/qemu/0.12.3
version/qemu/0.12.4
version/qemu/0.12.5
version/qemu/0.13.0
version/qemu/0.13.0-rc0
version/qemu/0.13.0-rc1
version/qemu/0.14.0
version/qemu/0.14.0-rc0
version/qemu/0.14.0-rc1
version/qemu/0.14.0-rc2
version/qemu/0.14.1
version/qemu/0.15.0-rc1
version/qemu/0.15.0-rc2
version/qemu/0.15.1
version/qemu/0.15.2
version/qemu/1.0
version/qemu/1.0-rc1
version/qemu/1.0-rc2
version/qemu/1.0-rc3
version/qemu/1.0-rc4
version/qemu/1.0.1
version/qemu/1.1
version/qemu/1.1-rc1
version/qemu/1.1-rc2
version/qemu/1.1-rc3
version/qemu/1.1-rc4
version/qemu/1.4.1
version/qemu/1.4.2
version/qemu/1.5.0
version/qemu/1.5.0-rc1
version/qemu/1.5.0-rc2
version/qemu/1.5.0-rc3
version/qemu/1.5.1
version/qemu/1.5.2
version/qemu/1.5.3
version/qemu/1.6.0
version/qemu/1.6.0-rc1
version/qemu/1.6.0-rc2
version/qemu/1.6.0-rc3
version/qemu/1.6.1
version/qemu/1.6.2