{"id":"CVE-2019-18391","details":"A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.","modified":"2026-04-11T09:39:41.039103Z","published":"2019-12-23T16:15:11.320Z","related":["SUSE-SU-2020:0016-1","SUSE-SU-2020:0017-1","openSUSE-SU-2020:0058-1","openSUSE-SU-2024:11499-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/cve-2019-18391"},{"type":"ADVISORY","url":"https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=8c9cfb4e425542e96f0717189fe4658555baaf08"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765589"},{"type":"FIX","url":"https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/virgl/virglrenderer","events":[{"introduced":"0"},{"last_affected":"48cc96c9aebb9d0164830a157efc8916f08f00c0"},{"fixed":"2abeb1802e3c005b17a7123e382171b3fb665971"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.8.0"}]}}],"versions":["virglrenderer-0.2.0","virglrenderer-0.4.0","virglrenderer-0.5.0","virglrenderer-0.6.0","virglrenderer-0.7.0","virglrenderer-0.8.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T09:39:41Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18391.json","vanir_signatures":[{"target":{"file":"src/vrend_renderer.c"},"source":"https://gitlab.freedesktop.org/virgl/virglrenderer@2abeb1802e3c005b17a7123e382171b3fb665971","id":"CVE-2019-18391-63b8d975","signature_type":"Line","signature_version":"v1","digest":{"line_hashes":["141347552855496777097344773898259692485","82080927564456806118201595730806083281","131488419841163818612352952790316771532","179374455104432204473931856842977731797","246807098594516868691158148183117145951","222831613115720448266449545946457512616","74242174258136130087693362986902961587","3502818426200585911477805202201942903","142564961026162174146415219564087598519","173939812261767419209301331848291745552","290125616691850514668800301380185149003","171665016758568753867956158656064040453"],"threshold":0.9},"deprecated":false},{"target":{"file":"src/vrend_renderer.c","function":"vrend_renderer_transfer_write_iov"},"source":"https://gitlab.freedesktop.org/virgl/virglrenderer@2abeb1802e3c005b17a7123e382171b3fb665971","id":"CVE-2019-18391-74eaed2f","signature_type":"Function","signature_version":"v1","digest":{"length":7210,"function_hash":"118250254458798477934576909953554061388"},"deprecated":false}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}