VYPR
High severity7.5NVD Advisory· Published Oct 7, 2016· Updated Jun 17, 2026

CVE-2015-5162

CVE-2015-5162

Description

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
cinderPyPI
< 7.0.27.0.2
cinderPyPI
>= 8.0.0, < 9.0.09.0.0
glancePyPI
< 14.0.014.0.0
novaPyPI
< 12.0.412.0.4

Affected products

11
  • OpenStack/Cinder3 versions
    cpe:2.3:a:openstack:cinder:7.0.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:openstack:cinder:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:cinder:8.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:cinder:8.1.0:*:*:*:*:*:*:*
  • OpenStack/Glance3 versions
    cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*range: <=11.0.0
    • cpe:2.3:a:openstack:glance:11.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:glance:12.0.0:*:*:*:*:*:*:*
  • OpenStack/Nova2 versions
    cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*range: <=12.0.3
    • cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*
  • ghsa-coords3 versions
    < 7.0.2+ 2 more
    • (no CPE)range: < 7.0.2
    • (no CPE)range: < 14.0.0
    • (no CPE)range: < 12.0.4

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.