CVE-2020-14355 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Critical
Remote	Yes
Type	Arbitrary code execution
Description	Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. More specifically, these flaws reside in the spice-common shared code between the client and server of SPICE. In other words, both the client (spice-gtk) and server are affected by these flaws. A malicious client or server could send specially crafted messages which could result in a process crash or potential code execution scenario.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1239	spice	0.14.3-2		Critical	Vulnerable

References
https://www.openwall.com/lists/oss-security/2020/10/06/10 https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0aba https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d7478 https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7 https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b6

References

https://www.openwall.com/lists/oss-security/2020/10/06/10
https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0aba
https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d7478
https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7
https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b6