CVE-2015-5261
HIGH7.1EPSS 0.09%Published: 6/7/2016Modified: 4/28/2026
Also known as:DEBIAN-CVE-2015-5261
Description
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
Affected packages (1)
- Debian/spicefrom 0, < 0.12.5-1.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.1 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |