Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2009-10-23T18:00:00
Updated: 2024-08-07T06:31:10.921Z
Reserved: 2009-10-09T00:00:00
Link: CVE-2009-3616
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-10-23T18:30:00.390
Modified: 2024-11-21T01:07:48.763
Link: CVE-2009-3616
Redhat
No data.