Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 4 of 4 results

CVE-2021-20201

Low priority
Vulnerable

A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.

3 affected packages

spice, spice-gtk, spice-protocol

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spice Not affected Not affected Vulnerable Vulnerable Needs evaluation
spice-gtk Not affected Not affected Not affected Not affected Not affected
spice-protocol Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2019-3813

High priority
Fixed

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.

3 affected packages

spice, spice-gtk, spice-protocol

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spice Fixed Fixed
spice-gtk Not affected Not affected
spice-protocol Not affected Not affected
Show less packages

CVE-2018-10873

Medium priority

Some fixes available 16 of 18

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially...

3 affected packages

spice, spice-gtk, spice-protocol

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spice Fixed Fixed Fixed Fixed Not affected
spice-gtk Not affected Not affected Not affected Vulnerable Vulnerable
spice-protocol Not affected Not affected Not affected Not affected Fixed
Show less packages

CVE-2017-12194

Medium priority

Some fixes available 17 of 19

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of...

3 affected packages

spice, spice-gtk, spice-protocol

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spice Fixed Fixed Fixed Fixed Not affected
spice-gtk Not affected Not affected Not affected Vulnerable Not affected
spice-protocol Not affected Not affected Not affected Not affected Fixed
Show less packages