CVE-2019-20382 log

Source
Severity Low
Remote Yes
Type Denial of service
Description
A memory leak has been found in in the way VNC display driver of QEMU <= 4.2.0 handled connection disconnect, when ZRLE, Tight encoding is enabled. It creates two vncState objects, one of which allocates memory for Zlib's data object. This allocated memory is not free'd upon disconnection resulting in the said memory leakage issue.
A user able to connect to the VNC server could use this flaw to leak host memory leading to a potential DoS scenario.
Group Package Affected Fixed Severity Status Ticket
AVG-1110 qemu 4.2.0-2 5.0.0-1 High Fixed
Date Advisory Group Package Severity Description
07 May 2020 ASA-202005-6 AVG-1110 qemu High multiple issues
References
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0