Spice Project » Spice : Security Vulnerabilities, CVEs, (Code Execution)

CVE-2018-10893

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
Max CVSS
8.8
EPSS Score
0.26%
Published
2018-09-11
Updated
2023-02-12

CVE-2016-0749

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
Max CVSS
10.0
EPSS Score
3.65%
Published
2016-06-09
Updated
2023-02-12

CVE-2015-5260

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
Max CVSS
7.8
EPSS Score
0.08%
Published
2016-06-07
Updated
2023-02-13

CVE-2015-3247

Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
Max CVSS
6.9
EPSS Score
0.90%
Published
2015-09-08
Updated
2023-02-12
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close