CVE-2017-12194

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.
Configurations

Configuration 1 (hide)

cpe:2.3:a:spice-gtk_project:spice-gtk:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-03-14 21:29

Updated : 2024-02-04 19:46


NVD link : CVE-2017-12194

Mitre link : CVE-2017-12194

CVE.ORG link : CVE-2017-12194


JSON object : View

Products Affected

spice-gtk_project

  • spice-gtk
CWE
CWE-20

Improper Input Validation

CWE-121

Stack-based Buffer Overflow