Arbitrary Code Execution Vulnerability in spice-gtk Versions through 0.34

Arbitrary Code Execution Vulnerability in spice-gtk Versions through 0.34

CVE-2017-12194 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.

Learn more about our Cis Benchmark Audit For Server Software.