| CVE-2017-7506 | Hig | 0.57 | 8.8 | 0.01 | | Jul 18, 2017 | spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak. |
| CVE-2015-5260 | Hig | 0.51 | 7.8 | 0.00 | | Jun 7, 2016 | Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter. |
| CVE-2015-3247 | | 0.00 | — | 0.01 | | Sep 8, 2015 | Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors. |
| CVE-2013-4282 | | 0.00 | — | 0.01 | | Nov 2, 2013 | Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket. |
| CVE-2013-4130 | | 0.00 | — | 0.01 | | Aug 20, 2013 | The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error. |
