CVE-2015-5261 | SynScan

Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2015-5261

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

Published: Jun 7, 2016
Updated: Apr 13, 2023
CVE: CVE-2015-5261
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Low
Score: 3.6
AV:L/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	15.04	15.04.x
redhat / enterprise_linux_server_eus	6.7.z	6.7.z.x
redhat / enterprise_linux_hpc_node	6.0	6.0.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_hpc_node	7.0	7.0.x
redhat / enterprise_linux_server_eus	7.1	7.1.x
redhat / enterprise_linux_hpc_node_eus	7.1	7.1.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	7.0	7.0.x
spice_project / spice	-	0.12.5.x