debian · CVE-2017-15108

Quick triage

Priority: not yet assigned Published: Updated: Mon, 06 Jul 2026 01:00:57 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-15108 not yet assigned priority: Debian including 1 source packages (spice-vdagent), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.

Description:

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.

cvelogic Threat Intelligence