CVE-2020-14355 log

Severity Critical
Remote Yes
Type Arbitrary code execution
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. More specifically, these flaws reside in the spice-common shared code between the client and server of SPICE. In other words, both the client (spice-gtk) and server are affected by these flaws. A malicious client or server could send specially crafted messages which could result in a process crash or potential code execution scenario. The issues have been fixed in spice (server) version 0.14.90 and spice-gtk (client) version 0.39.
Group Package Affected Fixed Severity Status Ticket
AVG-2134 spice-gtk 0.38-1 0.39-1 Critical Fixed
AVG-1239 spice 0.14.3-3 0.15.0-1 Critical Fixed FS#68166
Date Advisory Group Package Severity Type
06 Jul 2021 ASA-202107-12 AVG-1239 spice Critical multiple issues