CVE-2020-14355 log

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. More specifically, these flaws reside in the spice-common shared code between the client and server of SPICE. In other words, both the client (spice-gtk) and server are affected by these flaws. A malicious client or server could send specially crafted messages which could result in a process crash or potential code execution scenario.
Group Package Affected Fixed Severity Status Ticket
AVG-1239 spice 0.14.3-2 Critical Vulnerable
References
https://www.openwall.com/lists/oss-security/2020/10/06/10
https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0aba
https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d7478
https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7
https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b6