High severity7.5NVD Advisory· Published Oct 7, 2016· Updated Jun 17, 2026
CVE-2015-5162
CVE-2015-5162
Description
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cinderPyPI | < 7.0.2 | 7.0.2 |
cinderPyPI | >= 8.0.0, < 9.0.0 | 9.0.0 |
glancePyPI | < 14.0.0 | 14.0.0 |
novaPyPI | < 12.0.4 | 12.0.4 |
Affected products
11- ghsa-coords3 versions
< 7.0.2+ 2 more
- (no CPE)range: < 7.0.2
- (no CPE)range: < 14.0.0
- (no CPE)range: < 12.0.4
Patches
Vulnerability mechanics
References
16- launchpad.net/bugs/1449062nvdExploitWEB
- www.openwall.com/lists/oss-security/2016/10/06/8nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-g2j5-7vgx-6xrxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-5162ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2016-2923.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2016-2991.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2017-0153.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2017-0156.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2017-0165.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2017-0282.htmlnvdWEB
- www.securityfocus.com/bid/76849nvdWEB
- access.redhat.com/security/cve/CVE-2015-5162ghsaWEB
- bugzilla.redhat.com/show_bug.cgighsaWEB
- github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5ghsaWEB
- github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31fghsaWEB
- github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397ghsaWEB
News mentions
0No linked articles in our index yet.