High severity7.1NVD Advisory· Published Jun 7, 2016· Updated May 6, 2026

CVE-2015-5261

Description

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.freedesktop.org/archives/spice-devel/2015-October/022191.htmlnvd
rhn.redhat.com/errata/RHSA-2015-1889.htmlnvd
rhn.redhat.com/errata/RHSA-2015-1890.htmlnvd
www.debian.org/security/2015/dsa-3371nvd
www.openwall.com/lists/oss-security/2015/10/06/4nvd
www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlnvd
www.securitytracker.com/id/1033753nvd
www.ubuntu.com/usn/USN-2766-1nvd
bugzilla.redhat.com/show_bug.cginvd
security.gentoo.org/glsa/201606-05nvd

News mentions

No linked articles in our index yet.

cvss	0.461
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000