CVE-2020-14355

Published: 6 October 2020

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.

Priority

Medium

CVSS 3 base score: 6.6

Status

Package: spice (Launchpad, Ubuntu, Debian)

Release     Status
bionic      Released (0.14.0-1ubuntu2.5)
focal       Released (0.14.2-4ubuntu3.1)
groovy      Released (0.14.3-1ubuntu2)
hirsute     Released (0.14.3-1ubuntu2)
impish      Released (0.14.3-1ubuntu2)
jammy       Released (0.14.3-1ubuntu2)
precise     Does not exist
trusty      Released (0.12.4-0nocelt2ubuntu1.8+esm1)
upstream    Needs triage
xenial      Released (0.12.6-4ubuntu0.5)

Package: spice-gtk (Launchpad, Ubuntu, Debian)

Release     Status
bionic      Needed
focal       Needed
groovy      Ignored (reached end-of-life)
hirsute     Ignored (reached end-of-life)
impish      Ignored (reached end-of-life)
jammy       Needed
precise     Does not exist
trusty      Does not exist
upstream    Needs triage
xenial      Ignored (end of standard support, was needed)