CVE-2007-1321

Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.

Published: 2007-10-30 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2007-1321 is rated Moderate Risk (42/100): CVSS High severity, with low exploitation likelihood (EPSS 0.46%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2007-1321

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.04% 0.46% +0.42%
2 2025-03-30 0.05% 0.04% -0.01%
3 2025-03-29 0.05%

Full EPSS history (7 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2007-1321

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.2 2.0 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 3.9 10.0 [email protected]

Weakness enumeration for CVE-2007-1321

OS Trackers for CVE-2007-1321

vendor priority summary link
debian not yet assigned CVE-2007-1321 not yet assigned priority: Debian including 1 source packages (qemu), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2007-1321
redhat low https://access.redhat.com/security/cve/CVE-2007-1321
ubuntu medium CVE-2007-1321 medium priority: Ubuntu including 4 source packages (kvm, qemu, qemu-kvm, xen-3.1), 31 status rows across 9 suites (dapper, edgy, feisty, gutsy, hardy, intrepid, jaunty, karmic, upstream): DNE 11, released 7, not-affected 6, ignored 5, needed 1, needs-triage 1. https://ubuntu.com/security/CVE-2007-1321

Affected software / configurations for CVE-2007-1321

Vendor Product Version Raw CPE
qemu qemu 0.8.2 cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*
fedoraproject fedora 7 cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
fedoraproject fedora_core 6 cpe:2.3:o:fedoraproject:fedora_core:6:*:*:*:*:*:*:*
debian debian_linux 3.1 cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
debian debian_linux 4.0 cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

References for CVE-2007-1321

URL Tags
http://osvdb.org/35495 Broken Link
http://secunia.com/advisories/25073 Third Party Advisory
http://secunia.com/advisories/25095 Third Party Advisory
http://secunia.com/advisories/27047 Third Party Advisory
http://secunia.com/advisories/27072 Third Party Advisory
http://secunia.com/advisories/27103 Third Party Advisory
http://secunia.com/advisories/27486 Third Party Advisory
http://secunia.com/advisories/29129 Third Party Advisory
http://securitytracker.com/id?1018761 Third Party Advisory VDB Entry
http://taviso.decsystem.org/virtsec.pdf Technical Description Third Party Advisory
http://www.attrition.org/pipermail/vim/2007-October/001842.html Third Party Advisory
http://www.debian.org/security/2007/dsa-1284 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:203 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0323.html Third Party Advisory
http://www.securityfocus.com/bid/23731 Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2007/1597 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302 Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html Third Party Advisory
cvelogic Threat Intelligence