spice - Arch Linux
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-866 | 0.14.0-2 | 0.14.0-3 | Critical | Fixed | FS#61650 |
| AVG-349 | 0.12.8-2 | 0.12.8+8+ga957a90b-1 | High | Fixed | FS#54808 |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-3813 | AVG-866 | Critical | Yes | Arbitrary code execution | Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of- bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of... |
| CVE-2017-7506 | AVG-349 | High | Yes | Arbitrary code execution | Two security issues have been found in spice <= 0.12.8, allowing a remote, authenticated user to get access to memory content by sending a number of... |
Advisories
| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 11 Feb 2019 | ASA-201902-4 | AVG-866 | Critical | arbitrary code execution |
| 14 Aug 2017 | ASA-201708-12 | AVG-349 | High | arbitrary code execution |