libspice-client-glib-2.0.so, libspice-client-gtk-2.0.so and libspice-client-gtk-3.0.so are vulnerable to an improper bounds check during demarshalling. The demarshalling code lacks a check on item position, so demarshalling can happen at an item position beyond the message end, leading to a denial of service (DoS).
www.securityfocus.com/bid/105152
access.redhat.com/errata/RHSA-2018:2731
access.redhat.com/errata/RHSA-2018:2732
access.redhat.com/errata/RHSA-2018:3470
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873
gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
lists.debian.org/debian-lts-announce/2018/08/msg00035.html
lists.debian.org/debian-lts-announce/2018/08/msg00037.html
lists.debian.org/debian-lts-announce/2018/08/msg00038.html
usn.ubuntu.com/3751-1/
www.debian.org/security/2018/dsa-4319
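
An added example (not code from spice-common or from this advisory) of the kind of check the summary describes as missing: an item position read from the message is validated against the message end before anything is read at that position. The wire layout, `demarshal_item`, the return codes and the sample messages are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical wire layout (constructed for this example, not the SPICE format):
 *   bytes 0..3  little-endian offset of an item, relative to message start
 *   at offset:  4-byte little-endian payload length, then the payload      */
enum { DEMARSHAL_OK = 0, DEMARSHAL_TRUNCATED = -1, DEMARSHAL_OUT_OF_BOUNDS = -2 };

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Locate the item payload inside msg[0..msg_len). Each position is compared
 * with the space that remains (by subtraction, so a huge value taken from the
 * message cannot wrap the arithmetic) before it is dereferenced. */
int demarshal_item(const uint8_t *msg, size_t msg_len,
                   const uint8_t **payload, uint32_t *payload_len)
{
    if (msg_len < 4)
        return DEMARSHAL_TRUNCATED;
    uint32_t off = read_le32(msg);
    /* Item position must lie inside the message, with room for its
     * length field. Without this, the read below runs past the end. */
    if (off > msg_len || msg_len - off < 4)
        return DEMARSHAL_OUT_OF_BOUNDS;
    uint32_t len = read_le32(msg + off);
    /* The payload must also end at or before the message end. */
    if (len > msg_len - off - 4)
        return DEMARSHAL_OUT_OF_BOUNDS;
    *payload = msg + off + 4;
    *payload_len = len;
    return DEMARSHAL_OK;
}

/* Constructed sample messages: valid, item position past the end, item too long. */
static const uint8_t good_msg[]      = { 4,0,0,0,  3,0,0,0,  'a','b','c' };
static const uint8_t past_end_msg[]  = { 0x40,0,0,0,  3,0,0,0,  'a','b','c' };
static const uint8_t long_item_msg[] = { 4,0,0,0,  0xff,0xff,0xff,0xff,  'a' };

int main(void)
{
    const uint8_t *p = NULL; uint32_t n = 0;
    printf("good=%d ", demarshal_item(good_msg, sizeof good_msg, &p, &n));
    printf("past_end=%d ", demarshal_item(past_end_msg, sizeof past_end_msg, &p, &n));
    printf("long_item=%d\n", demarshal_item(long_item_msg, sizeof long_item_msg, &p, &n));
    return 0;
}
```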