]> xenbits.xensource.com Git - qemu-xen-4.4-testing.git/commit
projects / qemu-xen-4.4-testing.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8e46360) | patch
CVE-2007-1320 - Cirrus LGD-54XX "bitblt" heap overflow
authoraurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>
Mon, 5 May 2008 21:26:31 +0000 (21:26 +0000)
committerIan Jackson <Ian.Jackson@eu.citrix.com>
Fri, 23 May 2008 17:13:04 +0000 (18:13 +0100)
commit1ef6820edbe9f78de96dff181ed4150d1c1136d8
tree13506f0e90a3718543193c01604ed0a48bb42a64tree
parent8e463606a704b9fd663f315c79c1fea415133282commit | diff
CVE-2007-1320 - Cirrus LGD-54XX "bitblt" heap overflow

I have just noticed that patch for CVE-2007-1320 has never been applied
to the QEMU CVS. Please find it below.

| Multiple heap-based buffer overflows in the cirrus_invalidate_region
| function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and
| possibly other products, might allow local users to execute arbitrary
| code via unspecified vectors related to "attempting to mark
| non-existent regions as dirty," aka the "bitblt" heap overflow.

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4340 c046a42c-6fe2-441c-8c8c-71466251a162
hw/cirrus_vga.c diff | blob | history
hw/cirrus_vga_rop.h diff | blob | history
Unnamed repository; edit this file to name it for gitweb.