CVE-2017-7980

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.

Published: Jul 25, 2017
Updated: Nov 9, 2025
CVE: CVE-2017-7980
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
qemu / qemu	-	2.8.x
canonical / ubuntu_linux	16.10	16.10.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	17.04	17.04.x
debian / debian_linux	8.0	8.0.x
redhat / openstack	7.0	7.0.x
redhat / openstack	6.0	6.0.x
redhat / openstack	10	10.x
redhat / openstack	9	9.x
redhat / openstack	8	8.x
redhat / openstack	5.0	5.0.x
redhat / virtualization	3.0	3.0.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_server_tus	7.3	7.3.x
redhat / enterprise_linux_server_aus	7.3	7.3.x
redhat / enterprise_linux_server_aus	7.4	7.4.x
redhat / enterprise_linux_server_eus	7.3	7.3.x
redhat / enterprise_linux_server_eus	7.4	7.4.x
redhat / enterprise_linux_server_eus	7.5	7.5.x
redhat / enterprise_linux_server_tus	7.6	7.6.x
redhat / enterprise_linux_server_eus	7.6	7.6.x
redhat / enterprise_linux_server_aus	7.6	7.6.x

Vulnerability Database

313,519

CVE-2017-7980

Deep Security Visibility Without the Complexity