Search for packages
| purl | pkg:deb/ubuntu/spice-gtk@0.9-0ubuntu1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-afzs-1b88-aaaf
Aliases: CVE-2018-10873 |
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. |
Affected by 0 other vulnerabilities. |
|
VCID-dwjx-2jsx-aaar
Aliases: CVE-2012-4425 |
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself. |
Affected by 3 other vulnerabilities. |
|
VCID-q679-j4uq-aaad
Aliases: CVE-2013-4324 |
spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. |
Affected by 2 other vulnerabilities. |
|
VCID-q6fk-hm76-aaaf
Aliases: CVE-2017-12194 |
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|