High severity 7.6 · NVD Advisory · Published Sep 11, 2018 · Updated Jun 17, 2026
CVE-2018-10893
Description
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
Affected products
28 + 1 more
- (no CPE)
- (no CPE) range: n/a
- osv-coords, 26 versions:
  - pkg:rpm/opensuse/spice&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/spice-gtk&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015
  - pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
  - pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
  - pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
  - pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/spice&distro=SUSE%20OpenStack%20Cloud%207
  - pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
  - pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015
  - pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
  - pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
  - pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
  - pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/spice-gtk&distro=SUSE%20OpenStack%20Cloud%207
- (no CPE) range: < 0.15.0-1.3
- (no CPE) range: < 0.39-1.8
- (no CPE) range: < 0.12.8-6.1
- (no CPE) range: < 0.14.0-4.3.1
- (no CPE) range: < 0.12.4-15.1
- (no CPE) range: < 0.12.7-10.9.1
- (no CPE) range: < 0.12.7-10.9.1
- (no CPE) range: < 0.12.8-6.1
- (no CPE) range: < 0.12.4-8.18.1
- (no CPE) range: < 0.12.4-15.1
- (no CPE) range: < 0.12.7-10.9.1
- (no CPE) range: < 0.12.8-6.1
- (no CPE) range: < 0.12.4-15.1
- (no CPE) range: < 0.12.8-6.1
- (no CPE) range: < 0.12.7-10.9.1
- (no CPE) range: < 0.33-3.6.1
- (no CPE) range: < 0.34-3.3.1
- (no CPE) range: < 0.34-3.3.1
- (no CPE) range: < 0.31-9.10.1
- (no CPE) range: < 0.31-9.10.1
- (no CPE) range: < 0.33-3.6.1
- (no CPE) range: < 0.25-5.3.1
- (no CPE) range: < 0.31-9.10.1
- (no CPE) range: < 0.33-3.6.1
- (no CPE) range: < 0.33-3.6.1
- (no CPE) range: < 0.31-9.10.1
References
4
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Patch, Third Party Advisory)
- lists.freedesktop.org/archives/spice-devel/2018-July/044489.html (nvd: Mailing List, Patch, Third Party Advisory)
- access.redhat.com/errata/RHSA-2019:2229 (nvd)
- access.redhat.com/errata/RHSA-2020:0471 (nvd)