Heap-based Buffer Overflow in SPICE Allows Arbitrary Code Execution via QXL Commands
CVE-2015-5260 · HIGH Severity
AV:L/AC:L/AU:N/C:C/I:C/A:C
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
Learn more about our Attack Surface Assessment.