Back to search
CVE-2020-14355
Published: Oct 7, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
| Vendor | Product | Versions |
|---|---|---|
n/a | spice | affected spice-0.14.2-1 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1868435
x_refsource_MISC
https://www.openwall.com/lists/oss-security/2020/10/06/10
x_refsource_MISC
DSA-4771
vendor-advisory
x_refsource_DEBIAN
USN-4572-1
vendor-advisory
x_refsource_UBUNTU
USN-4572-2
vendor-advisory
x_refsource_UBUNTU
openSUSE-SU-2020:1802
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2020:1803
vendor-advisory
x_refsource_SUSE
[debian-lts-announce] 20201101 [SECURITY] [DLA 2428-1] spice-gtk security update
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20201101 [SECURITY] [DLA 2427-1] spice security update
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now