Spice Security Vulnerabilities and Issues — Spice CVE List

Lucene search

Spice ProjectSpice

4 matches found

CVE•added 2018/08/17 12:29 p.m.•214 views

CVE-2018-10873

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially...

8.8CVSS8AI score0.00516EPSS

CVE•added 2018/09/11 3:29 p.m.•152 views

CVE-2018-10893

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

8.8CVSS8.5AI score0.00315EPSS

CVE•added 2017/07/18 3:29 p.m.•127 views

CVE-2017-7506

spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.

8.8CVSS8.3AI score0.01374EPSS

CVE•added 2018/07/27 8:29 p.m.•114 views

CVE-2016-9577

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

8.8CVSS8.6AI score0.03861EPSS