CVE-2015-5225

Description

Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.

How to fix CVE-2015-5225

To remediate CVE-2015-5225, upgrade the affected package to a fixed version below.

• Debian/qemu—upgrade to 1:2.4+dfsg-1a or later

Is CVE-2015-5225 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:2.4+dfsg-1a

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-5225