CVE-2015-5261
published 2016-06-07CVE-2015-5261: Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands…
high7.1CVSS 3.0
AVLACLPRLUINSUCHIHAN
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
Affected
34 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | spice | < spice 0.12.5-1.3 (bookworm) | spice 0.12.5-1.3 (bookworm) |
| debian | spice | < spice 0.12.6-4.1 (bookworm) | spice 0.12.6-4.1 (bookworm) |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_hpc_node_eus | — | — |
| redhat | enterprise_linux_hpc_node_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
| spice_project | spice | <= 0.12.5 | — |
CVSS provenance
nvdv3.07.1HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
osv7.8HIGH