Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2015-5260

Published: 8 September 2015

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.

Priority

Low

CVSS 3 base score: 7.8

Status

Package Release Status
spice
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was needed)
trusty
Released (0.12.4-0nocelt2ubuntu1.2)
upstream Needs triage

vivid
Released (0.12.5-1ubuntu0.2)
wily
Released (0.12.5-1.1ubuntu2)
xenial
Released (0.12.5-1.1ubuntu2)
yakkety
Released (0.12.5-1.1ubuntu2)
zesty
Released (0.12.5-1.1ubuntu2)