VDB
DEBIAN-CVE-2017-15124
DEBIAN-CVE-2017-15124
PUBLISHED
CVSS 7.5 HIGH
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.
Risk Scores
CVSS v3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | qemu | 0, 0, 0 |
| Debian:13 | qemu | 0, 0, 0 |
| Debian:14 | qemu | 0, 0, 0 |
| Debian:11 | qemu | 0, 0, 0 |
Timeline
- Jan 9, 2018 CVE Published
- Apr 28, 2026 CVE Updated