Spice-Gtk Project Spice-Gtk vulnerabilities

7 known vulnerabilities affecting spice-gtk_project/spice-gtk.

Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 4

Vulnerabilities

CVE-2020-14355 | MEDIUM | CVSS 6.6 | ≥ 0, < 0.39-1 | 2020-10-07
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed
osv
CVE-2018-10893 | HIGH | CVSS 8.8 | ≥ 0, < 0.37-1 | 2018-09-11
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
osv
CVE-2018-10873 | HIGH | CVSS 8.8 | ≥ 0, < 0.35-1 | 2018-08-17
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
osv
CVE-2017-12194 | CRITICAL | CVSS 9.8 | ≤ 0.34 | 2018-03-14
CWE-121. A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.
nvd, osv
CVE-2016-3066 | MEDIUM | CVSS 6.5 | v0.1.0, v0.2, +35 more | 2017-06-06
CWE-200. The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.
nvd
CVE-2013-4324 | MEDIUM | CVSS 4.6 | v0.14 | 2013-10-03
spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
nvd, osv
CVE-2012-4425 | MEDIUM | CVSS 6.9 | PoC | ≥ 0, < 0.12-5 | 2012-09-18
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse
osv