Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2015-5261

Published: 6 October 2015

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

Priority

Medium

CVSS 3 base score: 7.1

Status

Package Release Status
spice
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was needed)
trusty
Released (0.12.4-0nocelt2ubuntu1.2)
upstream Needs triage

vivid
Released (0.12.5-1ubuntu0.2)
wily
Released (0.12.5-1.1ubuntu2)
xenial
Released (0.12.5-1.1ubuntu2)
yakkety
Released (0.12.5-1.1ubuntu2)
zesty
Released (0.12.5-1.1ubuntu2)