CVE-2014-0145

Publication date 26 March 2014

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

7.8 · High

Score breakdown

Description

Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).

Status

Package Ubuntu Release Status
qemu 14.04 LTS trusty
Not affected
13.10 saucy Ignored end of life
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
qemu-kvm 14.04 LTS trusty Not in release
13.10 saucy Not in release
12.10 quantal Ignored end of life
12.04 LTS precise
Fixed 1.0+noroms-0ubuntu14.17
10.04 LTS lucid
Fixed 0.12.3+noroms-0ubuntu9.24

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
qemu
qemu-kvm

Severity score breakdown

CVSS version: CVSS v3.0

Base score 7.8 · High

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-2342-1
    • QEMU vulnerabilities
    • 8 September 2014

Other references

Access our resources on patching vulnerabilities