Search for packages
Package details: pkg:deb/debian/spice@0.14.0-1.3%2Bdeb10u1
purl pkg:deb/debian/spice@0.14.0-1.3%2Bdeb10u1
Next non-vulnerable version 0.14.3-2.1
Latest non-vulnerable version 0.14.3-2.1
Risk 4.5
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-usj4-e3m4-aaak
Aliases:
CVE-2021-20201
A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.
0.14.3-2.1
Affected by 0 other vulnerabilities.
VCID-xngp-n9hs-aaag
Aliases:
CVE-2020-14355
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
0.14.3-2.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-afzs-1b88-aaaf A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. CVE-2018-10873
VCID-nttu-4rcn-aaab An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. It is not yet known if there will be other other effects. CVE-2020-23793
VCID-stbg-r14q-aaap spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak. CVE-2017-7506
VCID-usmx-bw7t-aaan Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. CVE-2019-3813
VCID-xngp-n9hs-aaag Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. CVE-2020-14355

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-22T14:09:20.070233+00:00 Debian Importer Affected by VCID-usj4-e3m4-aaak https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-21T17:33:29.106610+00:00 Debian Oval Importer Fixing VCID-usmx-bw7t-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:10:51.247170+00:00 Debian Oval Importer Fixing VCID-nttu-4rcn-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:51:26.647947+00:00 Debian Importer Affected by VCID-usj4-e3m4-aaak None 36.1.3
2025-06-21T13:15:24.070333+00:00 Debian Oval Importer Fixing VCID-xngp-n9hs-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:27:32.306808+00:00 Debian Oval Importer Fixing VCID-afzs-1b88-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:17:32.317548+00:00 Debian Oval Importer Fixing VCID-stbg-r14q-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T04:35:43.071277+00:00 Debian Oval Importer Affected by VCID-usj4-e3m4-aaak None 36.1.3
2025-06-21T02:46:55.732241+00:00 Debian Oval Importer Affected by VCID-xngp-n9hs-aaag None 36.1.3
2025-06-21T00:04:02.499768+00:00 Debian Oval Importer Fixing VCID-xngp-n9hs-aaag None 36.1.3
2025-06-20T23:18:14.494882+00:00 Debian Oval Importer Fixing VCID-usmx-bw7t-aaan None 36.1.3
2025-06-20T22:29:45.637948+00:00 Debian Oval Importer Fixing VCID-stbg-r14q-aaap None 36.1.3
2025-06-20T22:14:38.531606+00:00 Debian Oval Importer Fixing VCID-afzs-1b88-aaaf None 36.1.3
2025-06-08T12:13:34.229545+00:00 Debian Oval Importer Affected by VCID-xngp-n9hs-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:59:50.564123+00:00 Debian Oval Importer Fixing VCID-stbg-r14q-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:09:05.417725+00:00 Debian Oval Importer Fixing VCID-usmx-bw7t-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:59:49.541924+00:00 Debian Oval Importer Fixing VCID-nttu-4rcn-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:10:03.490809+00:00 Debian Oval Importer Fixing VCID-xngp-n9hs-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:28:00.768497+00:00 Debian Oval Importer Fixing VCID-afzs-1b88-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:42:05.519504+00:00 Debian Oval Importer Fixing VCID-stbg-r14q-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T22:12:18.985530+00:00 Debian Oval Importer Affected by VCID-usj4-e3m4-aaak None 36.1.0
2025-06-07T20:12:54.119199+00:00 Debian Oval Importer Affected by VCID-xngp-n9hs-aaag None 36.1.0
2025-06-07T17:26:50.361324+00:00 Debian Oval Importer Fixing VCID-xngp-n9hs-aaag None 36.1.0
2025-06-07T16:41:13.932085+00:00 Debian Oval Importer Fixing VCID-usmx-bw7t-aaan None 36.1.0
2025-06-07T15:53:54.815410+00:00 Debian Oval Importer Fixing VCID-stbg-r14q-aaap None 36.1.0
2025-06-07T15:38:40.859475+00:00 Debian Oval Importer Fixing VCID-afzs-1b88-aaaf None 36.1.0
2025-04-12T21:47:58.631854+00:00 Debian Oval Importer Fixing VCID-nttu-4rcn-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:26:48.446922+00:00 Debian Oval Importer Fixing VCID-afzs-1b88-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:59:57.287701+00:00 Debian Oval Importer Fixing VCID-usmx-bw7t-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:51:48.548456+00:00 Debian Oval Importer Affected by VCID-usj4-e3m4-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:59:16.315674+00:00 Debian Oval Importer Affected by VCID-xngp-n9hs-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:45:07.349563+00:00 Debian Oval Importer Fixing VCID-stbg-r14q-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T15:49:53.060356+00:00 Debian Oval Importer Fixing VCID-usmx-bw7t-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:31:27.796024+00:00 Debian Oval Importer Fixing VCID-nttu-4rcn-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:42:07.475949+00:00 Debian Oval Importer Fixing VCID-xngp-n9hs-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:59:14.536767+00:00 Debian Oval Importer Fixing VCID-afzs-1b88-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:13:07.654155+00:00 Debian Oval Importer Fixing VCID-stbg-r14q-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T20:43:47.635184+00:00 Debian Oval Importer Affected by VCID-usj4-e3m4-aaak None 36.0.0
2025-04-07T18:49:22.913226+00:00 Debian Oval Importer Affected by VCID-xngp-n9hs-aaag None 36.0.0
2025-04-07T16:01:12.713892+00:00 Debian Oval Importer Fixing VCID-xngp-n9hs-aaag None 36.0.0
2025-04-07T15:13:37.575001+00:00 Debian Oval Importer Fixing VCID-usmx-bw7t-aaan None 36.0.0
2025-04-07T14:24:52.480098+00:00 Debian Oval Importer Fixing VCID-stbg-r14q-aaap None 36.0.0
2025-04-07T14:09:37.400210+00:00 Debian Oval Importer Fixing VCID-afzs-1b88-aaaf None 36.0.0
2025-04-06T07:29:21.745309+00:00 Debian Importer Affected by VCID-usj4-e3m4-aaak https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-05T11:23:34.710060+00:00 Debian Importer Affected by VCID-usj4-e3m4-aaak None 36.0.0
2025-02-19T19:13:33.149308+00:00 Debian Importer Affected by VCID-usj4-e3m4-aaak https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-19T19:13:31.775137+00:00 Debian Importer Affected by VCID-usj4-e3m4-aaak None 35.1.0
2024-04-24T21:03:23.148608+00:00 Debian Importer Affected by VCID-usj4-e3m4-aaak https://security-tracker.debian.org/tracker/data/json 34.0.0rc4
2024-04-24T21:03:21.559663+00:00 Debian Importer Affected by VCID-usj4-e3m4-aaak None 34.0.0rc4
2024-01-10T22:06:58.254180+00:00 Debian Importer Affected by VCID-usj4-e3m4-aaak https://security-tracker.debian.org/tracker/data/json 34.0.0rc2
2024-01-10T22:06:56.469895+00:00 Debian Importer Affected by VCID-usj4-e3m4-aaak None 34.0.0rc2
2024-01-04T11:21:05.861499+00:00 Debian Importer Affected by VCID-usj4-e3m4-aaak https://security-tracker.debian.org/tracker/data/json 34.0.0rc1
2024-01-04T11:21:04.259497+00:00 Debian Importer Affected by VCID-usj4-e3m4-aaak None 34.0.0rc1