Buffer overflow in Spice_project Spice
CVE-2015-5261
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
Vulnerability class: Buffer Overflow
EPSS: 0.001 (26.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.1 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.
Affected products
- Spice_project Spice
- Canonical Ubuntu_linux — versions 14.04, 15.04
- Debian Debian_linux — versions 7.0, 8.0
- Redhat Enterprise_linux_desktop — versions 6.0, 7.0
- Redhat Enterprise_linux_hpc_node — versions 6.0, 7.0
- Redhat Enterprise_linux_hpc_node_eus — versions 7.1
- Redhat Enterprise_linux_server — versions 6.0, 7.0
- Redhat Enterprise_linux_server_eus — versions 6.7.z, 7.1
- Redhat Enterprise_linux_workstation — versions 6.0, 7.0
- N/a — versions n/a
Weakness classification (CWE)
References
- RHSA-2015:1890 (x_refsource_REDHAT, vendor-advisory)
- [oss-security] 20151006 Fwd: [vs-plain] CVE-2015-5261 (mailing-list, x_refsource_MLIST)
- GLSA-201606-05 (vendor-advisory, x_refsource_GENTOO)
- secalert@redhat.com (x_refsource_CONFIRM)
- USN-2766-1 (x_refsource_UBUNTU, vendor-advisory)
- [Spice-devel] 20151006 Announcing spice 0.12.6 (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM)
- RHSA-2015:1889 (x_refsource_REDHAT, vendor-advisory)
- DSA-3371 (vendor-advisory, x_refsource_DEBIAN)
- 1033753 (vdb-entry, x_refsource_SECTRACK)
Frequently asked questions
- What is CVE-2015-5261?
- CVE-2015-5261 is a high-severity vulnerability in Spice_project Spice, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.1/10. Published 2016-06-07.
- How severe is CVE-2015-5261?
- High severity. CVSS v3 base score is 7.1 out of 10.