Vigil@nce - Qemu: denial of service via VNC SetPixelFormat
December 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can send the VNC SetPixelFormat message
to Qemu, in order to trigger a denial of service.
Impacted products: Fedora, QEMU.
Severity: 1/4.
Creation date: 08/12/2015.
DESCRIPTION OF THE VULNERABILITY
The Qemu product can be compiled with VNC Display Driver.
The client can send the SetPixelFormat message to the server, to
define the pixel encoding. However, if the red_max, green_max or
blue_max field is set to zero, an arithmetic error occurs.
An authenticated attacker can therefore send the VNC
SetPixelFormat message to Qemu, in order to trigger a denial of
service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Qemu-denial-of-service-via-VNC-SetPixelFormat-18459