CVE-2015-3247

EPSS 0.77%

spice - security update

Published: 9/8/2015Modified: 4/28/2026

Description

Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.

Affected packages (2)

Debian/spicefrom 0, < 0.12.5-1.2
Debian/spicefrom 0, < 0.12.5-1+deb8u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3247