CVE-2014-0145

Name: CVE-2014-0145
Creator: NVD / NIST
Published: 2017-08-10T15:29:00.27+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.51%

Last modified Jun 17, 2026

CVE-2014-0145 is a vulnerability of currently unknown severity. Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).. EPSS estimates a 0.51% chance of exploitation in the next 30 days.

Description

Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).

Metrics

EPSS Probability

0.51%

39.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions	Update
Qemu	Qemu	<= 1.7.1	—
Qemu	Qemu	2.0.0	Rc0

References

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c05e4667be91b46ab42b5a11babf8e84d476cc6b
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f0dce23475b5af5da6b17b97c1765271307734b6
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c165f7758009a4f793c1fc19ebb69cf55313450b
http://rhn.redhat.com/errata/RHSA-2014-0420.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0421.htmlThird Party Advisory
http://www.debian.org/security/2014/dsa-3044
http://www.openwall.com/lists/oss-security/2014/03/26/8Mailing List, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1078885Issue Tracking, Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.htmlPatch, Third Party Advisory
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c05e4667be91b46ab42b5a11babf8e84d476cc6b
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f0dce23475b5af5da6b17b97c1765271307734b6
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c165f7758009a4f793c1fc19ebb69cf55313450b
http://rhn.redhat.com/errata/RHSA-2014-0420.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0421.htmlThird Party Advisory
http://www.debian.org/security/2014/dsa-3044
http://www.openwall.com/lists/oss-security/2014/03/26/8Mailing List, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1078885Issue Tracking, Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.htmlPatch, Third Party Advisory

Timeline

Published: Aug 10, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-0145?

How severe is CVE-2014-0145?

Severity scoring for CVE-2014-0145 is pending analysis. The EPSS model estimates a 0.51% probability of exploitation in the next 30 days.

How do I fix CVE-2014-0145?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-0145?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST