CVE-2024-4467

Deferred
Published: 02 Jul 2024, 15:57
Last modified: 25 Feb 2026, 20:31

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
7.8 HIGH
v3.1 (cve.org)
EPSS Score
0.05% LOW
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

02 Jul 2024, 15:57
Published
Vulnerability first disclosed
25 Feb 2026, 20:31
Last Modified
Vulnerability information updated

Description

A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.

CVSS Metrics

  • v3.1, HIGH, Score: 7.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.05% Percentile: 17%

Techniques & Countermeasures

  • CWE-400: Uncontrolled Resource Consumption

    The product does not properly control the allocation and maintenance of a limited resource.

  • CWE-787: Out-of-bounds Write

    The product writes data past the end, or before the beginning, of the intended buffer.
