CVE-2008-4539
PUBLISHED
CVSS 8.6 HIGH
Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.
EPSS 0.05% · 15.2th percentile
Risk Scores
CVSS 4.0
8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.05%
15.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| qemu | qemu | 0 |
| n/a | n/a | * |
| canonical | ubuntu_linux | 8.04, 8.10 |
| kvm_qumranet | kvm | 0 |
| debian | debian_linux | 4.0, 5.0 |
Exploit Intelligence
- 35062 (circl)
- [secure-testing-commits] 20081103 r10251 - data/CVE (circl)
- [cvs-all] 20081102 cvs commit: ports/emulators/qemu Makefile ports/emulators/qemu/files patch-CVE-2008-4539 ports/emulators/qemu-devel Makefile ports/emulators/qemu-devel/files patch-CVE-2008-4539 (circl)
- FEDORA-2008-11705 (circl)
- 25073 (circl)
- 34642 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=466890 (circl)
- USN-776-1 (circl)
- 33350 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=448525 (circl)
…and 10 more exploits
Timeline
- Dec 29, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- 35062 third-party-advisory
- [secure-testing-commits] 20081103 r10251 - data/CVE mailing-list
- [cvs-all] 20081102 cvs commit: ports/emulators/qemu Makefile ports/emulators/qemu/files patch-CVE-2008-4539 ports/emulators/qemu-devel Makefile ports/emulators/qemu-devel/files patch-CVE-2008-4539 mailing-list
- FEDORA-2008-11705 vendor-advisory
- 25073 third-party-advisory
- 34642 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=466890 url
- USN-776-1 vendor-advisory
- 33350 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=448525 url
- qemu-kvm-cirrusvga-bo(47736) vdb
- https://bugzilla.redhat.com/show_bug.cgi?id=237342 url
- SUSE-SR:2009:008 vendor-advisory
- 29129 third-party-advisory
- http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5587 url
- DSA-1799 vendor-advisory
- [debian-devel-changes] 20081101 Accepted qemu 0.9.1+svn20081101-1 (source amd64) mailing-list
- http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069 url
- 35031 third-party-advisory
- https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1 url
…and 4 more