CVE-2024-4467

HIGH Year: 2024
CVSS v3 Score
7.8
High
Weakness Type
CWE-400
View all →

Vulnerability Description

A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.

Related Vulnerabilities

CVE-2017-13825

HIGH
CVSS:7.8(High)

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial...

CWE-4002017

CVE-2017-14177

HIGH
CVSS:7.8(High)

Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via ...

CWE-4002017

CVE-2017-14179

HIGH
CVSS:7.8(High)

Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of servic...

CWE-4002017

CVE-2017-14180

HIGH
CVSS:7.8(High)

Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial o...

CWE-4002017

CVE-2017-7132

HIGH
CVSS:7.8(High)

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows remote attackers to execute arbitrary code or cause a deni...

CWE-4002017

CVE-2017-8247

HIGH
CVSS:7.8(High)

In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. This would le...

CWE-4002017