libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted (1) qcow2, (2) VMDK, or (3) VDI header, related to lack of support for a disk format specifier.
2010-11-04T18:00:02.767
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.7 (MEDIUM)
AV:L/AC:M/Au:N/C:C/I:N/A:N
3.4
6.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | libguestfs | libguestfs | ≤ 1.5.22 | Yes |
| Application | libguestfs | libguestfs | 1.5.0 | Yes |
| Application | libguestfs | libguestfs | 1.5.1 | Yes |
| Application | libguestfs | libguestfs | 1.5.2 | Yes |
| Application | libguestfs | libguestfs | 1.5.3 | Yes |
| Application | libguestfs | libguestfs | 1.5.4 | Yes |
| Application | libguestfs | libguestfs | 1.5.5 | Yes |
| Application | libguestfs | libguestfs | 1.5.6 | Yes |
| Application | libguestfs | libguestfs | 1.5.7 | Yes |
| Application | libguestfs | libguestfs | 1.5.8 | Yes |
| Application | libguestfs | libguestfs | 1.5.9 | Yes |
| Application | libguestfs | libguestfs | 1.5.10 | Yes |
| Application | libguestfs | libguestfs | 1.5.11 | Yes |
| Application | libguestfs | libguestfs | 1.5.12 | Yes |
| Application | libguestfs | libguestfs | 1.5.13 | Yes |
| Application | libguestfs | libguestfs | 1.5.14 | Yes |
| Application | libguestfs | libguestfs | 1.5.15 | Yes |
| Application | libguestfs | libguestfs | 1.5.16 | Yes |
| Application | libguestfs | libguestfs | 1.5.17 | Yes |
| Application | libguestfs | libguestfs | 1.5.18 | Yes |
| Application | libguestfs | libguestfs | 1.5.19 | Yes |
| Application | libguestfs | libguestfs | 1.5.20 | Yes |
| Application | libguestfs | libguestfs | 1.5.21 | Yes |
| Application | matthew_booth | virt-v2v | * | No |
| Application | richard_jones | virt-inspector | ≤ 1.5.3 | No |