#VU47486 Buffer overflow in SPICE - CVE-2020-14355
Published: October 7, 2020 / Updated: October 9, 2020
Vulnerability identifier: #VU47486
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-14355
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: SPICE
Software vendor: SPICE
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the QUIC image decoding process of the SPICE remote display system. A remote user can pass specially crafted data to the server or client application, trigger memory corruption in the QUIC image compression algorithm and crash the application or execute arbitrary code on the system.
Remediation
Install updates from the vendor's website.