spice-client is vulnerable to denial of service (DoS). The vulnerability exists as there is insufficient encoding checks for LZ can cause different integer/buffer overflows.
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
access.redhat.com/errata/RHSA-2019:2229
access.redhat.com/errata/RHSA-2020:0471
access.redhat.com/security/cve/CVE-2018-10893
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1427467
bugzilla.redhat.com/show_bug.cgi?id=1505809
bugzilla.redhat.com/show_bug.cgi?id=1508274
bugzilla.redhat.com/show_bug.cgi?id=1510411
bugzilla.redhat.com/show_bug.cgi?id=1545212
bugzilla.redhat.com/show_bug.cgi?id=1594876
bugzilla.redhat.com/show_bug.cgi?id=1598234
bugzilla.redhat.com/show_bug.cgi?id=1623756
bugzilla.redhat.com/show_bug.cgi?id=1625550
bugzilla.redhat.com/show_bug.cgi?id=1650596
bugzilla.redhat.com/show_bug.cgi?id=1658325
bugzilla.redhat.com/show_bug.cgi?id=1686008
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893
lists.freedesktop.org/archives/spice-devel/2018-July/044489.html