CVE-2018-10893

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

Published : 2018-09-11 15:29 Updated : 2019-08-06 17:15

6.5
CVSS Score More info
Score 6.5 / 10
6.5
Vendor Product Version URI
Spice Project Spice - cpe:/a:spice_project:spice:-
  1. Spice Project (1) Search CVE
    1. Spice (1) Search CVE
      1. -

CWE

ID Name Description Links
CWE-190 Integer Overflow or Wraparound The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. CVE

History of changes

Date Event
2019-08-06 17:15
2018-11-15 13:49
2018-09-11 15:29

New CVE