PT-2020-6186
Frediano Ziglio
Published 2019-06-03 · Updated 2024-06-15
CVE-2020-14355
CVSS v3.1: 6.6 (Medium)
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
SPICE versions prior to 0.14.2-1
spice-gtk versions prior to 0.14.2-1
Description
The issue consists of buffer overflow vulnerabilities in the QUIC image decoding code of the SPICE remote display system. A malicious client or server can trigger them by sending specially crafted messages; when the QUIC image compression algorithm processes such a message, the result is a process crash or potentially code execution. An attacker could thereby read confidential data, compromise its integrity, and cause a denial of service.
Recommendations
For SPICE versions prior to 0.14.2-1, update to version 0.14.2-1 or later to resolve the issue.
For spice-gtk versions prior to 0.14.2-1, update to version 0.14.2-1 or later to resolve the issue.
As a temporary workaround, consider restricting access to the QUIC image decoding process until a patch is available.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
CentOS
Linux Mint
Red Hat
SPICE
SUSE
Ubuntu
spice-gtk