vulnerability
FreeBSD: VID-2b3b4c27-b0c7-11e5-8d13-bc5ff45d0f28 (CVE-2015-5225): qemu -- buffer overflow vulnerability in VNC
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Jan 1, 2016 | Dec 10, 2025 | Dec 10, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Jan 1, 2016
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the VNC display driver support is vulnerable to a buffer overflow flaw leading to a heap memory corruption issue. It could occur while refreshing the server display surface via routine vnc_refresh_server_surface(). A privileged guest user could use this flaw to corrupt the heap memory and crash the Qemu process instance OR potentially use it to execute arbitrary code on the host.
Solutions
freebsd-upgrade-package-qemufreebsd-upgrade-package-qemu-develfreebsd-upgrade-package-qemu-sbrunofreebsd-upgrade-package-qemu-user-static
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.