{"id":"CVE-2014-0223","details":"Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.","modified":"2026-04-16T06:21:13.366497473Z","published":"2014-11-04T21:55:25Z","related":["SUSE-SU-2015:0870-1","SUSE-SU-2015:0889-1","SUSE-SU-2015:0929-1","SUSE-SU-2015:1152-1"],"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2014/dsa-3044"},{"type":"EVIDENCE","url":"https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html"},{"type":"FIX","url":"http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/67391"}],"schema_version":"1.7.5"}