CVE-2007-1320

Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.

Published: May 2, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-1320
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
qemu / qemu	0.8.2	0.8.2.x
fedoraproject / fedora	9	9.x
fedoraproject / fedora	8	8.x
fedoraproject / fedora_core	6	6.x
opensuse / opensuse	11.1	11.1.x
opensuse / opensuse	11.0	11.0.x
debian / debian_linux	3.1	3.1.x
debian / debian_linux	4.0	4.0.x

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
http://osvdb.org/35494
http://secunia.com/advisories/25073
http://secunia.com/advisories/25095
http://secunia.com/advisories/27047
http://secunia.com/advisories/27085
http://secunia.com/advisories/27103
http://secunia.com/advisories/27486
http://secunia.com/advisories/29129
http://secunia.com/advisories/30413
http://secunia.com/advisories/33568
http://taviso.decsystem.org/virtsec.pdf
http://www.debian.org/security/2007/dsa-1284
http://www.debian.org/security/2007/dsa-1384
http://www.mandriva.com/security/advisories?name=MDKSA-2007:203
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
http://www.redhat.com/support/errata/RHSA-2007-0323.html
http://www.securityfocus.com/bid/23731
http://www.vupen.com/english/advisories/2007/1597
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10315
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00706.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00935.html

Vulnerability Database

289,599

CVE-2007-1320