Vulnerability Description
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker in control of a malicious spice-server could use this flaw to crash the client or execute arbitrary code with the permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Spice-Gtk Project | Spice-Gtk | <= 0.34 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103413 (Third Party Advisory, VDB Entry)
- https://bugzilla.redhat.com/show_bug.cgi?id=1501200 (Issue Tracking, Third Party Advisory)
- https://security.gentoo.org/glsa/201811-20
- https://usn.ubuntu.com/3659-1/
FAQ
What is CVE-2017-12194?
CVE-2017-12194 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A flaw was found in the way spice-client processed certain messages sent from the server. An attacker in control of a malicious spice-server could use this flaw to crash the client or execute arbi...
How severe is CVE-2017-12194?
CVE-2017-12194 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-12194?
Check the references section above for vendor advisories and patch information. Affected products include: Spice-Gtk Project Spice-Gtk.