CVE-2020-14355 log

Severity Critical
Remote Yes
Type Arbitrary code execution
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. More specifically, these flaws reside in the spice-common shared code between the client and server of SPICE. In other words, both the client (spice-gtk) and server are affected by these flaws. A malicious client or server could send specially crafted messages which could result in a process crash or potential code execution scenario.
Group Package Affected Fixed Severity Status Ticket
AVG-1239 spice 0.14.3-3 Critical Vulnerable FS#68166