Spice Gtk Project

spice-gtk_project

3 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-12194 1Spice Gtk Project 1Spice Gtk Nov 21, 2024 Mar 14, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with perm...Show more A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.Show less
CVE-2016-3066 1Spice Gtk Project 1Spice Gtk May 13, 2026 Jun 6, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.
CVE-2013-4324 2Redhat Spice Gtk Project 2Enterprise Linux Spice Gtk Apr 29, 2026 Oct 3, 2013 N/A· v4 N/A· v3 4.6 MEDIUM· v2 spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUni...Show more spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.Show less