Search for packages
Package details: pkg:deb/ubuntu/spice-gtk@0.28-1
purl pkg:deb/ubuntu/spice-gtk@0.28-1
Next non-vulnerable version 0.35-2
Latest non-vulnerable version 0.35-2
Risk 4.5
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-afzs-1b88-aaaf
Aliases:
CVE-2018-10873
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
0.35-2
Affected by 0 other vulnerabilities.
VCID-q6fk-hm76-aaaf
Aliases:
CVE-2017-12194
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.
0.35-2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version