{"id":"CVE-2017-2633","details":"An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.","modified":"2026-02-21T07:14:27.261553Z","published":"2018-07-27T19:29:00.533Z","related":["SUSE-SU-2017:1080-1","SUSE-SU-2017:1081-1","SUSE-SU-2017:1147-1","SUSE-SU-2017:2969-1","SUSE-SU-2018:0019-1","SUSE-SU-2018:0039-1"],"references":[{"type":"WEB","url":"https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7"},{"type":"WEB","url":"https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/02/23/1"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/96417"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1205"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1206"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1441"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1856"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/02/23/1"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2017/02/23/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qemu/qemu","events":[{"introduced":"0"},{"fixed":"adba377ea7880c0aa43787fdfbadbc5f6afeaa16"}]}],"versions":["v0.1.0","v0.1.1","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.11.0-rc0","v0.12.0-rc0","v0.13.0-rc0","v0.14.0-rc0","v0.15.0-rc0","v0.2.0","v0.3.0","v0.4.0","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.5.0","v1.0","v1.0-rc0","v1.0-rc1","v1.0-rc2","v1.0-rc3","v1.0-rc4","v1.1-rc0","v1.1-rc1","v1.1-rc2","v1.1.0","v1.1.0-rc2","v1.1.0-rc3","v1.1.0-rc4","v1.2.0","v1.2.0-rc0","v1.2.0-rc1","v1.2.0-rc2","v1.2.0-rc3","v1.3.0","v1.3.0-rc0","v1.3.0-rc1","v1.3.0-rc2","v1.4.0","v1.4.0-rc0","v1.4.0-rc1","v1.4.0-rc2","v1.5.0","v1.5.0-rc0","v1.5.0-rc1","v1.5.0-rc2","v1.5.0-rc3","v1.6.0","v1.6.0-rc0","v1.6.0-rc1","v1.6.0-rc2","v1.6.0-rc3","v1.7.0","v1.7.0-rc0","v1.7.0-rc1","v1.7.0-rc2","v1.7.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-2633.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}