{"id":"CVE-2016-9603","details":"A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.","modified":"2026-05-18T05:48:41.317724231Z","published":"2018-07-27T21:29:00.290Z","related":["SUSE-SU-2017:1080-1","SUSE-SU-2017:1081-1","SUSE-SU-2017:1143-1","SUSE-SU-2017:1145-1","SUSE-SU-2017:1146-1","SUSE-SU-2017:1147-1","SUSE-SU-2017:1774-1","SUSE-SU-2017:2326-1","SUSE-SU-2017:2946-1","SUSE-SU-2017:2963-1","SUSE-SU-2017:2969-1","SUSE-SU-2017:3084-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpes":["cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*","cpe:2.3:a:citrix:xenserver:6.2.0:sp1:*:*:*:*:*:*","cpe:2.3:a:citrix:xenserver:6.5:sp1:*:*:*:*:*:*","cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*","cpe:2.3:a:citrix:xenserver:7.1:*:*:*:*:*:*:*"],"vendor_product":"citrix:xenserver","extracted_events":[{"last_affected":"6.0.2"},{"last_affected":"6.2.0-sp1"},{"last_affected":"6.5-sp1"},{"last_affected":"7.0"},{"last_affected":"7.1"}]},{"cpes":["cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"debian:debian_linux","extracted_events":[{"last_affected":"7.0"}]},{"cpes":["cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_desktop","extracted_events":[{"last_affected":"6.0"},{"last_affected":"7.0"}]},{"cpes":["cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_server","extracted_events":[{"last_affected":"6.0"},{"last_affected":"7.0"}]},{"source":"CPE_FIELD","cpes":["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"],"vendor_product":"redhat:enterprise_linux_server_aus","extracted_events":[{"last_affected":"7.3"},{"last_affected":"7.4"}]},{"source":"CPE_FIELD","cpes":["cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"],"vendor_product":"redhat:enterprise_linux_server_eus","extracted_events":[{"last_affected":"7.3"},{"last_affected":"7.4"},{"last_affected":"7.5"}]},{"source":"CPE_FIELD","cpes":["cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"],"vendor_product":"redhat:enterprise_linux_workstation","extracted_events":[{"last_affected":"6.0"},{"last_affected":"7.0"}]},{"cpes":["cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*","cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*","cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*","cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*","cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*","cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:openstack","extracted_events":[{"last_affected":"5.0"},{"last_affected":"6.0"},{"last_affected":"7.0"},{"last_affected":"8"},{"last_affected":"9"},{"last_affected":"10"}]}]},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/96893"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038023"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:0980"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:0981"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:0982"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:0983"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:0984"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:0985"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:0987"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:0988"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1205"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1206"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1441"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201706-03"},{"type":"ADVISORY","url":"https://support.citrix.com/article/CTX221578"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qemu/qemu","events":[{"introduced":"0"},{"fixed":"359c41abe32638adad503e386969fa428cecff52"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"2.9.0"}]}}],"versions":["v2.9.0-rc5","v2.9.0-rc4","v2.9.0-rc3","v2.9.0-rc2","v2.9.0-rc1","v2.8.0","v2.9.0-rc0","v2.8.0-rc4","v2.8.0-rc3","v2.8.0-rc2","v2.8.0-rc1","v2.8.0-rc0","v2.7.0","v2.7.0-rc5","v2.7.0-rc4","v2.7.0-rc3","v2.7.0-rc2","v2.6.0","v2.7.0-rc1","v2.7.0-rc0","v2.6.0-rc5","v2.6.0-rc4","v2.6.0-rc3","v2.6.0-rc2","v2.6.0-rc1","v2.6.0-rc0","v2.5.0","v2.5.0-rc4","v2.5.0-rc3","v2.5.0-rc2","v2.5.0-rc1","v2.5.0-rc0","v2.4.0","v2.4.0-rc4","v2.4.0-rc3","v2.3.0","v2.4.0-rc2","v2.4.0-rc1","v2.4.0-rc0","v2.3.0-rc4","v2.3.0-rc3","v2.3.0-rc2","v2.3.0-rc1","v2.3.0-rc0","v2.2.0","v2.2.0-rc3","v2.2.0-rc5","v2.2.0-rc4","v2.2.0-rc2","v2.2.0-rc1","v2.2.0-rc0","v2.1.0","v2.1.0-rc5","v2.1.0-rc4","v2.1.0-rc2","v2.1.0-rc3","v2.0.0","v2.1.0-rc1","v2.1.0-rc0","v2.0.0-rc3","v2.0.0-rc2","v2.0.0-rc1","v2.0.0-rc0","v1.7.0","v1.7.0-rc2","v1.7.0-rc1","v1.7.0-rc0","v1.6.0","v1.6.0-rc3","v1.6.0-rc2","v1.6.0-rc1","v1.6.0-rc0","v1.5.0","v1.5.0-rc3","v1.5.0-rc2","v1.5.0-rc1","v1.5.0-rc0","v1.4.0","v1.4.0-rc2","v1.4.0-rc1","v1.4.0-rc0","v1.3.0","v1.3.0-rc2","v1.3.0-rc1","v1.3.0-rc0","v1.2.0","v1.2.0-rc3","v1.2.0-rc2","v1.2.0-rc1","v1.2.0-rc0","v1.1.0","v1.1.0-rc4","v1.1.0-rc3","v1.1.0-rc2","v1.1-rc2","v1.1-rc1","v1.1-rc0","v1.0","v1.0-rc4","v1.0-rc3","v1.0-rc2","v1.0-rc1","v1.0-rc0","v0.14.0-rc0","v0.13.0-rc0","v0.12.0-rc0","v0.11.0-rc0","v0.5.0","v0.4.4","v0.4.3","v0.4.2","v0.4.1","v0.4.0","v0.3.0","v0.2.0","v0.1.6","v0.1.5","v0.1.4","v0.1.3","v0.1.1","v0.1.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9603.json"}},{"ranges":[{"type":"GIT","repo":"https://gitlab.com/qemu-project/qemu","events":[{"introduced":"0"},{"fixed":"359c41abe32638adad503e386969fa428cecff52"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"2.9.0"}]}}],"versions":["v2.9.0-rc5","v2.9.0-rc4","v2.9.0-rc3","v2.9.0-rc2","v2.9.0-rc1","v2.8.0","v2.9.0-rc0","v2.8.0-rc4","v2.8.0-rc3","v2.8.0-rc2","v2.8.0-rc1","v2.8.0-rc0","v2.7.0","v2.7.0-rc5","v2.7.0-rc4","v2.7.0-rc3","v2.7.0-rc2","v2.6.0","v2.7.0-rc1","v2.7.0-rc0","v2.6.0-rc5","v2.6.0-rc4","v2.6.0-rc3","v2.6.0-rc2","v2.6.0-rc1","v2.6.0-rc0","v2.5.0","v2.5.0-rc4","v2.5.0-rc3","v2.5.0-rc2","v2.5.0-rc1","v2.5.0-rc0","v2.4.0","v2.4.0-rc4","v2.4.0-rc3","v2.3.0","v2.4.0-rc2","v2.4.0-rc1","v2.4.0-rc0","v2.3.0-rc4","v2.3.0-rc3","v2.3.0-rc2","v2.3.0-rc1","v2.3.0-rc0","v2.2.0","v2.2.0-rc3","v2.2.0-rc5","v2.2.0-rc4","v2.2.0-rc2","v2.2.0-rc1","v2.2.0-rc0","v2.1.0","v2.1.0-rc5","v2.1.0-rc4","v2.1.0-rc2","v2.1.0-rc3","v2.0.0","v2.1.0-rc1","v2.1.0-rc0","v2.0.0-rc3","v2.0.0-rc2","v2.0.0-rc1","v2.0.0-rc0","v1.7.0","v1.7.0-rc2","v1.7.0-rc1","v1.7.0-rc0","v1.6.0","v1.6.0-rc3","v1.6.0-rc2","v1.6.0-rc1","v1.6.0-rc0","v1.5.0","v1.5.0-rc3","v1.5.0-rc2","v1.5.0-rc1","v1.5.0-rc0","v1.4.0","v1.4.0-rc2","v1.4.0-rc1","v1.4.0-rc0","v1.3.0","v1.3.0-rc2","v1.3.0-rc1","v1.3.0-rc0","v1.2.0","v1.2.0-rc3","v1.2.0-rc2","v1.2.0-rc1","v1.2.0-rc0","v1.1.0","v1.1.0-rc4","v1.1.0-rc3","v1.1.0-rc2","v1.1-rc2","v1.1-rc1","v1.1-rc0","v1.0","v1.0-rc4","v1.0-rc3","v1.0-rc2","v1.0-rc1","v1.0-rc0","v0.14.0-rc0","v0.13.0-rc0","v0.12.0-rc0","v0.11.0-rc0","v0.5.0","v0.4.4","v0.4.3","v0.4.2","v0.4.1","v0.4.0","v0.3.0","v0.2.0","v0.1.6","v0.1.5","v0.1.4","v0.1.3","v0.1.1","v0.1.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9603.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}