Debian Spice-Gtk vulnerabilities

CVE-2020-14355 [MEDIUM] CVE-2020-14355: spice - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding p... Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, resu

CVE-2018-10893 [HIGH] CVE-2018-10893: spice-gtk - Multiple integer overflow and buffer overflow issues were discovered in spice-cl... Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. Scope: local bookworm: resolved (fixed in 0.37-1) bullseye: resolved (fixed in 0.37-1) forky: resolved (fixed in 0.37-1) sid: resolved (fixed in 0.37-1)

CVE-2018-10873 [HIGH] CVE-2018-10873: spice - A vulnerability was discovered in SPICE before version 0.14.1 where the generate... A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. Scope: local bookworm: resolved (fixed in 0.14.0-1.1)

CVE-2017-12194 [CRITICAL] CVE-2017-12194: spice-gtk - A flaw was found in the way spice-client processed certain messages sent from th... A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable. Scope: local bookworm: resolved (fixed

CVE-2016-3066 [MEDIUM] CVE-2016-3066: spice-gtk - The spice-gtk widget allows remote authenticated users to obtain information fro... The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2013-4324 [HIGH] CVE-2013-4324: spice-gtk - spice-gtk 0.14, and possibly other versions, invokes the polkit authority using ... spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. Scope: local bookworm: resol

CVE-2012-4425 [MEDIUM] CVE-2012-4425: spice-gtk - libgio, when used in setuid or other privileged programs in spice-gtk and possib... libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself. Scope: lo