Spice Project : Security Vulnerabilities, CVEs, Published In 2016 (Code Execution)
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
Max CVSS
10.0
EPSS Score
3.65%
Published
2016-06-09
Updated
2023-02-12
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
Max CVSS
7.8
EPSS Score
0.08%
Published
2016-06-07
Updated
2023-02-13
2 vulnerabilities found