1501200 – (CVE-2017-12194) CVE-2017-12194 spice-gtk: Integer overflows causing buffer overflows in spice-client

Bug 1501200 (CVE-2017-12194) - CVE-2017-12194 spice-gtk: Integer overflows causing buffer overflows in spice-client

Summary: CVE-2017-12194 spice-gtk: Integer overflows causing buffer overflows in spic...

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2017-12194
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1501201 1555301 1555302
Blocks:	1498495 1498774
TreeView+	depends on / blocked

Reported:	2017-10-12 08:42 UTC by Huzaifa S. Sidhpurwala
Modified:	2019-09-29 14:24 UTC (History)
CC List:	14 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client.
Clone Of:
Environment:
Last Closed:	2018-03-14 12:50:48 UTC

Attachments	(Terms of Use)

Description Huzaifa S. Sidhpurwala 2017-10-12 08:42:04 UTC

When a spice-client connects to a malicious spice-server, it was possible to crash the client or execute arbitrary code with the permissions of user running the client, when certain messages were sent from the server to the spice-client.

Comment 3 Huzaifa S. Sidhpurwala 2018-03-14 12:48:27 UTC

More details about this flaw is available in:

https://bugzilla.redhat.com/show_bug.cgi?id=1240165

Comment 4 Huzaifa S. Sidhpurwala 2018-03-14 12:49:12 UTC

Created spice-gtk tracking bugs for this issue:

Affects: fedora-all [bug 1555301]

Note You need to log in before you can comment on or make changes to this bug.