Christophe Fergeau

**Name of the Vulnerable Software and Affected Versions** Spice versions 0.5.2 through 0.14.1 **Description** The issue is related to an out-of-bounds read due to an off-by-one error in the `memslot get virt` function. This may lead to a denial of service or, in the worst case, code execution by unauthenticated attackers. The vulnerability is associated with the Spice remote virtual "desktop" rendering system and can be exploited by remote attackers. **Recommendations** For Spice versions 0.5.2 through 0.14.1, consider disabling the `memslot get virt` function as a temporary workaround until a patch is available. Restrict access to the Spice library to minimize the risk of exploitation. Avoid using the vulnerable `memslot get virt` function in the affected Spice versions until the issue is resolved.