DEBIAN-CVE-2007-1320

DEBIAN-CVE-2007-1320 PUBLISHED CVSS 8.600000381469727 HIGH

Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.

Risk Scores

CVSS v4.0

8.600000381469727

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:14	qemu	0, 0, 0
Debian:11	qemu	0, 0, 0
Debian:12	qemu	0, 0, 0
Debian:13	qemu	0, 0, 0

Timeline

May 2, 2007 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2007-1320 advisory

Open in Interactive Console →