CVE-2017-12194

Name of the Vulnerable Software and Affected Versions spice-gtk versions through 0.34

Description A flaw in the spice-client's message processing from the server allows an attacker with control of a malicious spice-server to potentially crash the client or execute arbitrary code with the permissions of the user running the client. The issue is related to insufficient input validation, which can be exploited by a remote attacker using specially crafted server messages.

Recommendations For spice-gtk versions through 0.34, consider disabling the spice-client until a patch is available to prevent potential exploitation. Restrict access to the spice-server to minimize the risk of remote attackers sending malicious messages. Avoid using the spice-client with untrusted spice-servers until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.