9 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.2%
Multiple integer overflow and buffer overflow issues were discovered in spice-client’s handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
access.redhat.com/errata/RHSA-2019:2229
access.redhat.com/errata/RHSA-2020:0471
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893
lists.freedesktop.org/archives/spice-devel/2018-July/044489.html