EUVD-2018-2954

Malware in sbrugna...

Medium: spice-protocol

Issue Overview: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. CVE-2018-10893 Affected Packages: spice-protocol Note: This advisory...

Amazon Linux 2 : spice-protocol (ALAS-2023-2219)

The version of spice-protocol installed on the remote host is prior to 0.12.14-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2219 advisory. Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A...

NewStart CGSL CORE 5.05 / MAIN 5.05 : virt-viewer Vulnerability (NS-SA-2023-0027)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has virt-viewer packages installed that are affected by a vulnerability: - Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause...

Amazon Linux 2 : libgovirt (ALAS-2023-1939)

The version of libgovirt installed on the remote host is prior to 0.3.4-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1939 advisory. Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A...

Amazon Linux 2 : spice-protocol (ALAS-2023-1940)

The version of spice-protocol installed on the remote host is prior to 0.12.14-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1940 advisory. Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A...

NewStart CGSL MAIN 4.05 : spice-gtk Vulnerability (NS-SA-2020-0050)

The remote NewStart CGSL host, running version MAIN 4.05, has spice-gtk packages installed that are affected by a vulnerability: - Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to...

EulerOS Virtualization 3.0.6.0 : spice-gtk (EulerOS-SA-2020-1727)

According to the version of the spice-gtk packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A...

NewStart CGSL CORE 5.05 / MAIN 5.05 : spice-gtk Vulnerability (NS-SA-2019-0257)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has spice-gtk packages installed that are affected by a vulnerability: - Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause th...

CVE-2018-10893

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code...

Updated spice-gtk packages fix security vulnerability

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are...

Updated spice packages fix security vulnerability

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslotgetvirt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. CVE-2019-3813 A vulnerability was discovered in SPICE before versio...

Integer overflow

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code...

CVE-2018-10893

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code...

CVE-2018-10893

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code...

CVE-2018-10893

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code...

CVE-2018-10893

CVE-2018-10893 concerns spice-client’s handling of LZ compressed frames, with multiple integer/buffer overflow issues that could crash the client or allow arbitrary code execution. Public advisories reference fixes bundled in updated spice packages: Amazon Linux 2 ALAS-2023-2219 notes spice-proto...