Frediano Ziglio discovered multiple buffer overflows, signed integer operations with undefined behavior, race conditions, memory leaks, and denial-of-service issues in Spice. A malicious guest operating system could potentially exploit these issues to escape virtualization. (CVE-2015-5260, CVE-2015-5261)
{
  "binaries": [
    { "binary_name": "libspice-server-dev", "binary_version": "0.12.4-0nocelt2ubuntu1.2" },
    { "binary_name": "libspice-server1", "binary_version": "0.12.4-0nocelt2ubuntu1.2" },
    { "binary_name": "libspice-server1-dbgsym", "binary_version": "0.12.4-0nocelt2ubuntu1.2" },
    { "binary_name": "spice-client", "binary_version": "0.12.4-0nocelt2ubuntu1.2" },
    { "binary_name": "spice-client-dbgsym", "binary_version": "0.12.4-0nocelt2ubuntu1.2" }
  ],
  "availability": "No subscription required"
}