What the vulnerability does

01Description

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.

Key dates

02Disclosure timeline

October 17, 2022 CVE published
May 14, 2025 Record updated