A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libspice-server-dev", "binary_version": "0.12.4-0nocelt2ubuntu1.7" }, { "binary_name": "libspice-server1", "binary_version": "0.12.4-0nocelt2ubuntu1.7" }, { "binary_name": "libspice-server1-dbgsym", "binary_version": "0.12.4-0nocelt2ubuntu1.7" }, { "binary_name": "spice-client", "binary_version": "0.12.4-0nocelt2ubuntu1.7" }, { "binary_name": "spice-client-dbgsym", "binary_version": "0.12.4-0nocelt2ubuntu1.7" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libspice-server-dev", "binary_version": "0.14.0-1ubuntu2.2" }, { "binary_name": "libspice-server1", "binary_version": "0.14.0-1ubuntu2.2" }, { "binary_name": "libspice-server1-dbgsym", "binary_version": "0.14.0-1ubuntu2.2" } ] }