Spice Project » Spice : Security Vulnerabilities, CVEs, (Code Execution)
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
Max CVSS
8.8
EPSS Score
0.26%
Published
2018-09-11
Updated
2023-02-12
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
Max CVSS
10.0
EPSS Score
3.65%
Published
2016-06-09
Updated
2023-02-12
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
Max CVSS
7.8
EPSS Score
0.08%
Published
2016-06-07
Updated
2023-02-13
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
Max CVSS
6.9
EPSS Score
0.90%
Published
2015-09-08
Updated
2023-02-12
4 vulnerabilities found