VDB
DEBIAN-CVE-2024-4467
DEBIAN-CVE-2024-4467
PUBLISHED
CVSS 7.800000190734863 HIGH
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | qemu | 7.2+dfsg, 7.2+dfsg, 7.2+dfsg |
| Debian:14 | qemu | 0, 0 |
| Debian:13 | qemu | 0, 0 |
| Debian:11 | qemu | *, *, * |
Timeline
- Jul 2, 2024 CVE Published
- Apr 28, 2026 CVE Updated