CVE-2017-2633
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 0.56%
Description
An out-of-bounds memory access issue was found in the VNC display driver of Quick Emulator (QEMU) before 1.7.2. The flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface' function. A user inside a guest could use this flaw to crash the QEMU process.
How to fix CVE-2017-2633
To remediate CVE-2017-2633, upgrade the affected package to the fixed version listed below.
- Debian/qemu: upgrade to 2.1+dfsg-1 or later
Is CVE-2017-2633 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.1+dfsg-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |