Vulnerabilities > Spice Project > Spice > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-11 CVE-2018-10893 Heap-based Buffer Overflow vulnerability in Spice Project Spice
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames.
network
low complexity
spice-project CWE-122
8.8
2018-07-27 CVE-2016-9578 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling.
network
low complexity
spice-project redhat debian CWE-20
7.5
2018-07-27 CVE-2016-9577 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling.
network
low complexity
spice-project redhat debian CWE-119
8.8
2017-07-18 CVE-2017-7506 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Spice Project Spice
spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.
network
low complexity
spice-project CWE-119
8.8
2016-06-07 CVE-2015-5260 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
7.8