spice-gtk_project CVE Vulnerabilities & CVE List (3)

Products (CPE): — CVEs: 3

spice-gtk_project vulnerability overview

Aggregates CVE and security vulnerability intelligence across all spice-gtk_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk path handling, vendor risk buffer overflow, and vendor risk input validation and related problems; some flaws may lead to vendor impact memory corruption.

Vulnerability distribution trend (last 24 months)

Showing 13 of 3 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2017-12194 A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable. [email protected] 9.8 5.54% 2018-03-14 2026-06-16
CVE-2016-3066 The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. [email protected] 6.5 1.03% 2017-06-06 2026-06-16
CVE-2013-4324 spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. [email protected] 4.6 0.38% 2013-10-03 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence