3 matches found
DEBIAN-CVE-2016-0749
The smartcard interaction in SPICE allows remote attackers to cause a denial of service QEMU-KVM process crash or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow...
UBUNTU-CVE-2016-0749
The smartcard interaction in SPICE allows remote attackers to cause a denial of service QEMU-KVM process crash or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow...
spice: heap-based memory corruption within smartcard handling
A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code wit...