Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. More specifically, these flaws reside in the spice-common shared code between the client and server of SPICE. In other words, both the client (spice-gtk) and server are affected by these flaws. A malicious client or server could send specially crafted messages which could result in a process crash or potential code execution scenario.
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. More specifically, these flaws reside in the spice-common shared code between the client and server of SPICE. In other words, both the client (spice-gtk) and server are affected by these flaws. A malicious client or server could send specially crafted messages which could result in a process crash or potential code execution scenario.
https://www.openwall.com/lists/oss-security/2020/10/06/10 https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0aba https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d7478 https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7 https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b6