CVE-2007-1320 Information
Description
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
Reference
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
http://osvdb.org/35494
http://secunia.com/advisories/25073
http://secunia.com/advisories/25095
http://secunia.com/advisories/27047
http://secunia.com/advisories/27085
http://secunia.com/advisories/27103
http://secunia.com/advisories/27486
http://secunia.com/advisories/29129
http://secunia.com/advisories/30413
http://secunia.com/advisories/33568
http://taviso.decsystem.org/virtsec.pdf
http://www.debian.org/security/2007/dsa-1284
http://www.debian.org/security/2007/dsa-1384
http://www.mandriva.com/security/advisories?name=MDKSA-2007:203
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
http://www.redhat.com/support/errata/RHSA-2007-0323.html
http://www.securityfocus.com/bid/23731
http://www.vupen.com/english/advisories/2007/1597
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10315
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00706.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00935.html