High severity7.8NVD Advisory· Published Jul 2, 2024· Updated Apr 15, 2026

CVE-2024-4467

Description

A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a json:{} value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2024/07/23/2nvd
access.redhat.com/errata/RHSA-2024:4276nvd
access.redhat.com/errata/RHSA-2024:4277nvd
access.redhat.com/errata/RHSA-2024:4278nvd
access.redhat.com/errata/RHSA-2024:4372nvd
access.redhat.com/errata/RHSA-2024:4373nvd
access.redhat.com/errata/RHSA-2024:4374nvd
access.redhat.com/errata/RHSA-2024:4420nvd
access.redhat.com/errata/RHSA-2024:4724nvd
access.redhat.com/errata/RHSA-2024:4727nvd
access.redhat.com/security/cve/CVE-2024-4467nvd
bugzilla.redhat.com/show_bug.cginvd
security.netapp.com/advisory/ntap-20240822-0005/nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000