Search CVE reports
1 – 4 of 4 results
CVE-2021-20201
Low priorityA flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.
3 affected packages
spice, spice-gtk, spice-protocol
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| spice | Not affected | Not affected | Vulnerable | Vulnerable | Needs evaluation |
| spice-gtk | Not affected | Not affected | Not affected | Not affected | Not affected |
| spice-protocol | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2019-3813
High prioritySpice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
3 affected packages
spice, spice-gtk, spice-protocol
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| spice | — | — | — | Fixed | Fixed |
| spice-gtk | — | — | — | Not affected | Not affected |
| spice-protocol | — | — | — | Not affected | Not affected |
CVE-2018-10873
Medium prioritySome fixes available 16 of 18
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially...
3 affected packages
spice, spice-gtk, spice-protocol
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| spice | Fixed | Fixed | Fixed | Fixed | Not affected |
| spice-gtk | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
| spice-protocol | Not affected | Not affected | Not affected | Not affected | Fixed |
CVE-2017-12194
Medium prioritySome fixes available 17 of 19
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of...
3 affected packages
spice, spice-gtk, spice-protocol
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| spice | Fixed | Fixed | Fixed | Fixed | Not affected |
| spice-gtk | Not affected | Not affected | Not affected | Vulnerable | Not affected |
| spice-protocol | Not affected | Not affected | Not affected | Not affected | Fixed |