Spice-gtk
This hub aggregates every CVE we track for Spice-gtk, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
OSS Libraries, on-prem
- CVEs tracked: 7
- Critical: 1
- High: 2
- In CISA KEV: 0
Severity distribution
- MEDIUM: 4
- HIGH: 2
- CRITICAL: 1
Monthly trend (chart, 2024-07 to 2026-06): every monthly value shown is 0.
Latest CVEs
The 7 most recently published vulnerabilities affecting Spice-gtk.
- CVE-2021-20201: A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a ... (score 5.3)
- CVE-2018-10893: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute ... (score 7.6)
- CVE-2018-10873: A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentic... (score 8.3)
- CVE-2017-12194: A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute a... (score 9.8)
- CVE-2016-3066: The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. (score 6.5)
- CVE-2013-4324: spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by... (score 4.6)
- CVE-2012-4425: libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS e... (score 6.9)
Product normalization is registry-driven with AI assist and human review.