Vulnerability Details CVE-2017-12194
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 81.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://www.securityfocus.com/bid/103413
- https://bugzilla.redhat.com/show_bug.cgi?id=1501200
- https://security.gentoo.org/glsa/201811-20
- https://usn.ubuntu.com/3659-1/
- http://www.securityfocus.com/bid/103413
- https://bugzilla.redhat.com/show_bug.cgi?id=1501200
- https://security.gentoo.org/glsa/201811-20
- https://usn.ubuntu.com/3659-1/
Products affected by CVE-2017-12194
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.1.0
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.10
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.11
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.12
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.12.101
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.13
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.13.17
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.13.29
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.14
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.15
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.15.3
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.16
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.17
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.18
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.19
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.2
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.20
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.21
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.22
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.23
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.24
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.25
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.26
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.27
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.28
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.29
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.3
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.30
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.31
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.32
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.33
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.34
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.4
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.5
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.6
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.7
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.8
-
cpe:2.3:a:spice-gtk_project:spice-gtk:0.9