Back to CVE Browser

CVE-2015-5162

HIGH

7.5

CVSS Severity Score

EPSS Score0.0410%

EPSS Percentile9.68th

PublishedOct 7, 2016

Last ModifiedMay 6, 2026

Vulnerability Description

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.

Affected Platforms (CPE)

📦

Openstack

Cinder

= 7.0.2

📦

Openstack

Cinder

= 8.0.0

📦

Openstack

Cinder

= 8.1.0

📦

Openstack

Glance

<= 11.0.0

📦

Openstack

Glance

= 11.0.1

📦

Openstack

Glance

= 12.0.0

📦

Openstack

Nova

<= 12.0.3

📦

Openstack

Nova

= 13.0.0

References & Advisories

🔗 http://rhn.redhat.com/errata/RHSA-2016-2923.html

🔗 http://rhn.redhat.com/errata/RHSA-2016-2991.html

🔗 http://rhn.redhat.com/errata/RHSA-2017-0153.html

🔗 http://rhn.redhat.com/errata/RHSA-2017-0156.html

🔗 http://rhn.redhat.com/errata/RHSA-2017-0165.html

🔗 http://rhn.redhat.com/errata/RHSA-2017-0282.html

🔗 http://www.openwall.com/lists/oss-security/2016/10/06/8

🔗 http://www.securityfocus.com/bid/76849

Related Vulnerabilities

CVE-2018-179549.3

An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenSt...

CVE-2020-173768.3

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0....

CVE-2017-151397.5

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain stora...

CVE-2015-18516.8

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote au...