suse · CVE-2015-5162

Quick triage

Priority: medium Published: 2021-05-30 13:31:39 UTC Updated: 2025-11-05 04:47:12 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2015-5162 severity moderate: SUSE including 26 source package names (openstack-cinder, openstack-cinder-api, …), 47 product×package rows across 2 product lines (SUSE OpenStack Cloud 6, SUSE OpenStack Cloud 7): Known Not Affected 47.

Description:

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.

cvelogic Threat Intelligence