Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
A flaw was found in spice-client. An improper check on LZ images sent by the server could lead to an integer/buffer overflows on the client.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1594904
Created mingw-spice-gtk tracking bugs for this issue:
Affects: fedora-all [bug 1598236]
Created spice-gtk tracking bugs for this issue:
Affects: fedora-all [bug 1598235]
Comment 7Salvatore Bonaccorso
2018-07-07 06:24:17 UTC
Hi Laura
Since the Red Hat reference is not accessible, are there any details available for this issue? Is the issue adressed already?
Regards,
Salvatore