Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
{ "binaries": [ { "binary_version": "0.12.4-0nocelt2ubuntu1.2", "binary_name": "libspice-server-dev" }, { "binary_version": "0.12.4-0nocelt2ubuntu1.2", "binary_name": "libspice-server1" }, { "binary_version": "0.12.4-0nocelt2ubuntu1.2", "binary_name": "spice-client" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "0.12.5-1.1ubuntu2", "binary_name": "libspice-server-dev" }, { "binary_version": "0.12.5-1.1ubuntu2", "binary_name": "libspice-server1" }, { "binary_version": "0.12.5-1.1ubuntu2", "binary_name": "spice-client" } ], "availability": "No subscription required" }