It has been found that calling VirDomainGetVcpus with bogus parameters can lead to integer overflow and subsequent heap corruption. A remote attacker could use this flaw to crash libvirtd (DoS).
Upstream patch:
https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
(In reply to comment #8)
> Any reason this bug is still marked NEW when all dependent bugs have been
> closed?
No reason, we can close this bug now. Thanks Eric.