Search for packages
| purl | pkg:deb/debian/spice-gtk@0.25-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-afzs-1b88-aaaf
Aliases: CVE-2018-10873 |
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. |
Affected by 2 other vulnerabilities. |
|
VCID-agz7-4mx4-aaah
Aliases: CVE-2018-10893 |
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. |
Affected by 0 other vulnerabilities. |
|
VCID-q6fk-hm76-aaaf
Aliases: CVE-2017-12194 |
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable. |
Affected by 2 other vulnerabilities. |
|
VCID-xngp-n9hs-aaag
Aliases: CVE-2020-14355 |
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-q679-j4uq-aaad | spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. |
CVE-2013-4324
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T19:08:29.926842+00:00 | Debian Oval Importer | Affected by | VCID-afzs-1b88-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T18:15:12.468175+00:00 | Debian Oval Importer | Affected by | VCID-xngp-n9hs-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T16:25:43.928773+00:00 | Debian Oval Importer | Affected by | VCID-q6fk-hm76-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:47:42.339340+00:00 | Debian Oval Importer | Fixing | VCID-q679-j4uq-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T12:51:29.294581+00:00 | Debian Oval Importer | Affected by | VCID-afzs-1b88-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T05:49:54.015524+00:00 | Debian Oval Importer | Affected by | VCID-xngp-n9hs-aaag | None | 36.1.3 |
| 2025-06-21T01:49:28.802103+00:00 | Debian Oval Importer | Affected by | VCID-agz7-4mx4-aaah | None | 36.1.3 |
| 2025-06-21T00:56:55.772987+00:00 | Debian Oval Importer | Fixing | VCID-q679-j4uq-aaad | None | 36.1.3 |
| 2025-06-20T22:53:07.872435+00:00 | Debian Oval Importer | Affected by | VCID-q6fk-hm76-aaaf | None | 36.1.3 |
| 2025-06-20T20:23:51.463555+00:00 | Debian Oval Importer | Affected by | VCID-afzs-1b88-aaaf | None | 36.1.3 |
| 2025-06-08T11:37:31.727673+00:00 | Debian Oval Importer | Affected by | VCID-afzs-1b88-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:46:23.387642+00:00 | Debian Oval Importer | Affected by | VCID-xngp-n9hs-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T09:11:40.665643+00:00 | Debian Oval Importer | Affected by | VCID-q6fk-hm76-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T07:41:04.819745+00:00 | Debian Oval Importer | Fixing | VCID-q679-j4uq-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:46:31.639404+00:00 | Debian Oval Importer | Affected by | VCID-afzs-1b88-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T23:28:28.066360+00:00 | Debian Oval Importer | Affected by | VCID-xngp-n9hs-aaag | None | 36.1.0 |
| 2025-06-07T19:12:49.163336+00:00 | Debian Oval Importer | Affected by | VCID-agz7-4mx4-aaah | None | 36.1.0 |
| 2025-06-07T18:19:16.906775+00:00 | Debian Oval Importer | Fixing | VCID-q679-j4uq-aaad | None | 36.1.0 |
| 2025-06-07T16:16:27.707461+00:00 | Debian Oval Importer | Affected by | VCID-q6fk-hm76-aaaf | None | 36.1.0 |
| 2025-06-07T13:59:15.811914+00:00 | Debian Oval Importer | Affected by | VCID-afzs-1b88-aaaf | None | 36.1.0 |
| 2025-04-12T21:54:58.573518+00:00 | Debian Oval Importer | Affected by | VCID-q6fk-hm76-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:11:28.718200+00:00 | Debian Oval Importer | Affected by | VCID-agz7-4mx4-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:19:02.343992+00:00 | Debian Oval Importer | Fixing | VCID-q679-j4uq-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:22:07.039114+00:00 | Debian Oval Importer | Affected by | VCID-afzs-1b88-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:28:26.297352+00:00 | Debian Oval Importer | Affected by | VCID-xngp-n9hs-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T07:43:33.991314+00:00 | Debian Oval Importer | Affected by | VCID-q6fk-hm76-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T06:13:32.761083+00:00 | Debian Oval Importer | Fixing | VCID-q679-j4uq-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:18:17.553283+00:00 | Debian Oval Importer | Affected by | VCID-afzs-1b88-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T22:00:21.791235+00:00 | Debian Oval Importer | Affected by | VCID-xngp-n9hs-aaag | None | 36.0.0 |
| 2025-04-07T17:50:37.722304+00:00 | Debian Oval Importer | Affected by | VCID-agz7-4mx4-aaah | None | 36.0.0 |
| 2025-04-07T16:56:52.469200+00:00 | Debian Oval Importer | Fixing | VCID-q679-j4uq-aaad | None | 36.0.0 |
| 2025-04-07T14:47:58.827012+00:00 | Debian Oval Importer | Affected by | VCID-q6fk-hm76-aaaf | None | 36.0.0 |
| 2025-04-07T12:33:44.857458+00:00 | Debian Oval Importer | Affected by | VCID-afzs-1b88-aaaf | None | 36.0.0 |