Spice Security Vulnerabilities and Issues — Spice CVE List

Lucene search

Spice ProjectSpice

4 matches found

CVE•added 2018/08/17 12:29 p.m.•215 views

CVE-2018-10873

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially...

8.8CVSS8AI score0.00516EPSS

CVE•added 2018/09/11 3:29 p.m.•152 views

CVE-2018-10893

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

8.8CVSS8.5AI score0.00315EPSS

CVE•added 2018/07/27 9:29 p.m.•126 views

CVE-2016-9578

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

7.5CVSS7.7AI score0.03467EPSS

CVE•added 2018/07/27 8:29 p.m.•114 views

CVE-2016-9577

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

8.8CVSS8.6AI score0.03861EPSS