Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-bk24-wqs5-5fcv

Summary Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

Aliases

alias	CVE-2017-2615

Fixed_packages

url	pkg:deb/debian/qemu@1:2.8%2Bdfsg-3?distro=trixie
purl	pkg:deb/debian/qemu@1:2.8%2Bdfsg-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:2.8%252Bdfsg-3%3Fdistro=trixie

url pkg:deb/debian/qemu@1:5.2%2Bdfsg-11%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/qemu@1:5.2%2Bdfsg-11%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hm6-af9b-4yb5

vulnerability	VCID-1zpp-v18j-u7e6

vulnerability	VCID-31aa-88vg-5fbe

vulnerability	VCID-3dnv-ykcu-xua2

vulnerability	VCID-4qxh-hn4s-3qd2

vulnerability	VCID-5m1f-2naj-qyab

vulnerability	VCID-7479-85qj-xyat

vulnerability	VCID-79k7-mrsh-2ffy

vulnerability	VCID-a3aw-mc3u-yqf5

vulnerability	VCID-aj86-qnmq-zbgz

vulnerability	VCID-bfqz-fdnr-euh8

vulnerability	VCID-c35x-dcc5-5fcq

vulnerability	VCID-cdhb-1d2g-a7h5

vulnerability	VCID-cdmt-tr7r-4kh2

vulnerability	VCID-d524-5b9v-hug8

vulnerability	VCID-hfgj-wvzu-pugq

vulnerability	VCID-k3pm-cqyr-gkfj

vulnerability	VCID-mtzn-7ewf-w7g7

vulnerability	VCID-pppc-7y16-syd6

vulnerability	VCID-qxgd-chbm-qfc2

vulnerability	VCID-y2g6-eaqr-tqa5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:5.2%252Bdfsg-11%252Bdeb11u3%3Fdistro=trixie

url pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18?distro=trixie

purl pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hm6-af9b-4yb5

vulnerability	VCID-31aa-88vg-5fbe

vulnerability	VCID-a3aw-mc3u-yqf5

vulnerability	VCID-gxw4-u54k-bkax

vulnerability	VCID-k3pm-cqyr-gkfj

vulnerability	VCID-mtzn-7ewf-w7g7

vulnerability	VCID-qxgd-chbm-qfc2

vulnerability	VCID-x81k-pv9k-w7cm

vulnerability	VCID-y2g6-eaqr-tqa5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18%3Fdistro=trixie

url pkg:deb/debian/qemu@1:10.0.8%2Bds-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/qemu@1:10.0.8%2Bds-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d4j-npsp-kubc

vulnerability	VCID-1hm6-af9b-4yb5

vulnerability	VCID-4kuq-fs6z-efct

vulnerability	VCID-92pg-bqdq-nucc

vulnerability	VCID-a3aw-mc3u-yqf5

vulnerability	VCID-djyv-1714-j3gz

vulnerability	VCID-eubx-rfam-nff7

vulnerability	VCID-mtzn-7ewf-w7g7

vulnerability	VCID-nrwe-ds1p-87d9

vulnerability	VCID-qxgd-chbm-qfc2

vulnerability	VCID-r1t2-3y67-nfgy

vulnerability	VCID-t941-4ygn-n3gc

vulnerability	VCID-x81k-pv9k-w7cm

vulnerability	VCID-xvtt-b2yt-3ydx

vulnerability	VCID-y2g6-eaqr-tqa5

vulnerability	VCID-y3ky-s2wj-ryep

vulnerability	VCID-yqsc-jq8z-puda

vulnerability	VCID-z9q2-8ug5-ybc1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:10.0.8%252Bds-0%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/qemu@1:11.0.0%2Bds-2?distro=trixie

purl pkg:deb/debian/qemu@1:11.0.0%2Bds-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d4j-npsp-kubc

vulnerability	VCID-92pg-bqdq-nucc

vulnerability	VCID-djyv-1714-j3gz

vulnerability	VCID-t941-4ygn-n3gc

vulnerability	VCID-xvtt-b2yt-3ydx

vulnerability	VCID-y3ky-s2wj-ryep

vulnerability	VCID-z9q2-8ug5-ybc1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:11.0.0%252Bds-2%3Fdistro=trixie

url	pkg:deb/debian/qemu@1:11.0.1%2Bds-1?distro=trixie
purl	pkg:deb/debian/qemu@1:11.0.1%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:11.0.1%252Bds-1%3Fdistro=trixie

url	pkg:ebuild/app-emulation/qemu@2.8.0-r1
purl	pkg:ebuild/app-emulation/qemu@2.8.0-r1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/qemu@2.8.0-r1

url	pkg:ebuild/app-emulation/xen@4.7.1-r5
purl	pkg:ebuild/app-emulation/xen@4.7.1-r5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen@4.7.1-r5

url	pkg:ebuild/app-emulation/xen-tools@4.7.1-r5
purl	pkg:ebuild/app-emulation/xen-tools@4.7.1-r5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-tools@4.7.1-r5

url	pkg:ebuild/app-emulation/xen-tools@4.7.1-r6
purl	pkg:ebuild/app-emulation/xen-tools@4.7.1-r6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-tools@4.7.1-r6

Affected_packages

url pkg:rpm/redhat/kvm@83-277?arch=el5_11

purl pkg:rpm/redhat/kvm@83-277?arch=el5_11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bk24-wqs5-5fcv

vulnerability	VCID-ur84-4qah-6ued

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kvm@83-277%3Farch=el5_11

url pkg:rpm/redhat/qemu-kvm@2:0.12.1.2-2.491.el6_8?arch=6

purl pkg:rpm/redhat/qemu-kvm@2:0.12.1.2-2.491.el6_8?arch=6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bk24-wqs5-5fcv

vulnerability	VCID-fys8-8bez-gfaj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/qemu-kvm@2:0.12.1.2-2.491.el6_8%3Farch=6

url pkg:rpm/redhat/qemu-kvm@10:1.5.3-126.el7_3?arch=5

purl pkg:rpm/redhat/qemu-kvm@10:1.5.3-126.el7_3?arch=5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bk24-wqs5-5fcv

vulnerability	VCID-ur84-4qah-6ued

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/qemu-kvm@10:1.5.3-126.el7_3%3Farch=5

url pkg:rpm/redhat/qemu-kvm-rhev@2:0.12.1.2-2.491.el6_8?arch=7

purl pkg:rpm/redhat/qemu-kvm-rhev@2:0.12.1.2-2.491.el6_8?arch=7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bk24-wqs5-5fcv

vulnerability	VCID-fys8-8bez-gfaj

vulnerability	VCID-ur84-4qah-6ued

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/qemu-kvm-rhev@2:0.12.1.2-2.491.el6_8%3Farch=7

url pkg:rpm/redhat/qemu-kvm-rhev@2:0.12.1.2-2.491.el6_8?arch=6

purl pkg:rpm/redhat/qemu-kvm-rhev@2:0.12.1.2-2.491.el6_8?arch=6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bk24-wqs5-5fcv

vulnerability	VCID-fys8-8bez-gfaj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/qemu-kvm-rhev@2:0.12.1.2-2.491.el6_8%3Farch=6

url pkg:rpm/redhat/qemu-kvm-rhev@10:2.6.0-28.el7_3?arch=6

purl pkg:rpm/redhat/qemu-kvm-rhev@10:2.6.0-28.el7_3?arch=6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bk24-wqs5-5fcv

vulnerability	VCID-fys8-8bez-gfaj

vulnerability	VCID-ur84-4qah-6ued

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/qemu-kvm-rhev@10:2.6.0-28.el7_3%3Farch=6

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2615.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2615.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2615

reference_id

reference_type

scores

value	0.0101
scoring_system	epss
scoring_elements	0.77447
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2615

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418200
reference_id	1418200
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418200

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854731
reference_id	854731
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854731

reference_url	https://security.gentoo.org/glsa/201702-27
reference_id	GLSA-201702-27
reference_type
scores
url	https://security.gentoo.org/glsa/201702-27

reference_url	https://security.gentoo.org/glsa/201702-28
reference_id	GLSA-201702-28
reference_type
scores
url	https://security.gentoo.org/glsa/201702-28

reference_url	https://access.redhat.com/errata/RHSA-2017:0309
reference_id	RHSA-2017:0309
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0309

reference_url	https://access.redhat.com/errata/RHSA-2017:0328
reference_id	RHSA-2017:0328
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0328

reference_url	https://access.redhat.com/errata/RHSA-2017:0329
reference_id	RHSA-2017:0329
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0329

reference_url	https://access.redhat.com/errata/RHSA-2017:0330
reference_id	RHSA-2017:0330
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0330

reference_url	https://access.redhat.com/errata/RHSA-2017:0331
reference_id	RHSA-2017:0331
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0331

reference_url	https://access.redhat.com/errata/RHSA-2017:0332
reference_id	RHSA-2017:0332
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0332

reference_url	https://access.redhat.com/errata/RHSA-2017:0333
reference_id	RHSA-2017:0333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0333

reference_url	https://access.redhat.com/errata/RHSA-2017:0334
reference_id	RHSA-2017:0334
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0334

reference_url	https://access.redhat.com/errata/RHSA-2017:0344
reference_id	RHSA-2017:0344
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0344

reference_url	https://access.redhat.com/errata/RHSA-2017:0350
reference_id	RHSA-2017:0350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0350

reference_url	https://access.redhat.com/errata/RHSA-2017:0396
reference_id	RHSA-2017:0396
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0396

reference_url	https://access.redhat.com/errata/RHSA-2017:0454
reference_id	RHSA-2017:0454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0454

reference_url	https://xenbits.xen.org/xsa/advisory-208.html
reference_id	XSA-208
reference_type
scores
url	https://xenbits.xen.org/xsa/advisory-208.html

Weaknesses

cwe_id	787
name	Out-of-bounds Write
description	The product writes data past the end, or before the beginning, of the intended buffer.

Exploits

Severity_range_score 5.5 - 5.5

Exploitability 0.5

Weighted_severity 5.0

Risk_score 2.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bk24-wqs5-5fcv

Vulnerability Instance