CVE 2015-8504
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
See the
CVE page on Mitre.org
for more details.