{"id":"CVE-2011-4111","details":"Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message.","modified":"2026-01-27T04:10:58.812464Z","published":"2014-02-26T15:55:08Z","withdrawn":"2026-01-27T04:10:58.812464Z","references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2011-1777.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2011-1801.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=751310"},{"type":"WEB","url":"http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log"},{"type":"WEB","url":"http://git.qemu.org/?p=qemu.git%3Ba=log%3Bh=refs/heads/stable-1.0"}],"schema_version":"1.7.3"}