Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
| Link | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1868435 | issue tracking patch vendor advisory |
| https://www.openwall.com/lists/oss-security/2020/10/06/10 | mailing list third party advisory patch |
| https://www.debian.org/security/2020/dsa-4771 | third party advisory vendor advisory |
| https://usn.ubuntu.com/4572-1/ | third party advisory vendor advisory |
| https://usn.ubuntu.com/4572-2/ | third party advisory vendor advisory |
| http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00001.html | mailing list third party advisory vendor advisory |
| http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00000.html | mailing list third party advisory vendor advisory |
| https://lists.debian.org/debian-lts-announce/2020/11/msg00002.html | third party advisory mailing list |
| https://lists.debian.org/debian-lts-announce/2020/11/msg00001.html | third party advisory mailing list |