CVE-2016-9577

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-9577

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9577.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-9577

Downstream

ALPINE-CVE-2016-9577

DEBIAN-CVE-2016-9577

DLA-825-1

DSA-3790-1

RHSA-2017:0253

RHSA-2017:0254

RHSA-2017:0549

RHSA-2017:0552

SUSE-SU-2017:0392-1

SUSE-SU-2017:0393-1

SUSE-SU-2017:0396-1

SUSE-SU-2017:0400-1

UBUNTU-CVE-2016-9577

USN-3202-1

openSUSE-SU-2024:11397-1

Related

Published

2018-07-27T20:29:00Z

Modified

2025-10-15T08:30:19.116954Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

References

Affected packages

Git / gitlab.freedesktop.org/spice/spice

Affected ranges

Type: GIT
Repo: https://gitlab.freedesktop.org/spice/spice
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

34dff543bef7a5201f41c72353a65840bd37c275

Affected versions

0.*

0.10.0

0.11.0

0.11.3

0.12.0

0.5.2

0.5.3

0.6.0

0.6.1

0.6.2

0.6.3

0.9.0

0.9.1

v0.*

v0.12.0

v0.12.2

v0.12.3

v0.12.4

v0.12.5

v0.12.6

v0.13.0

v0.13.1

v0.13.2

v0.13.3