CVE-2015-5261

Опубликовано: 06 окт. 2015

Источник: redhat

CVSS2: 4.3

Описание

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

A heap-based buffer overflow flaw was found in the way SPICE handled certain guest QXL commands related to surface creation. A user in a guest could use this flaw to read and write arbitrary memory locations on the host.

Ссылки на источники

Дополнительная информация

Статус:

Important

https://bugzilla.redhat.com/show_bug.cgi?id=1261889spice: host memory access from guest using crafted images

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2015-5261

CVSS3: 7.1

ubuntu

больше 9 лет назад

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

CVE-2015-5261

CVSS3: 7.1

nvd

больше 9 лет назад

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

CVE-2015-5261

CVSS3: 7.1

debian

больше 9 лет назад

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS user ...

GHSA-w69p-8vxh-m87g

CVSS3: 7.1

github

больше 3 лет назад

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

ELSA-2015-1890

oracle-oval

около 10 лет назад

ELSA-2015-1890: spice security update (IMPORTANT)

4.3 Medium

CVSS2