CVE-2017-7506

spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.

Published: Jul 18, 2017
Updated: Nov 9, 2025
CVE: CVE-2017-7506
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
spice_project / spice	0.12.3	0.12.3.x
spice_project / spice	0.13.0	0.13.0.x
spice_project / spice	0.12.5	0.12.5.x
spice_project / spice	0.10.0	0.10.0.x
spice_project / spice	0.12.2	0.12.2.x
spice_project / spice	0.12.8	0.12.8.x
spice_project / spice	0.7.3	0.7.3.x
spice_project / spice	0.8.0	0.8.0.x
spice_project / spice	0.7.0	0.7.0.x
spice_project / spice	0.9.0	0.9.0.x
spice_project / spice	0.6.0	0.6.0.x
spice_project / spice	0.12.6	0.12.6.x
spice_project / spice	0.10.1	0.10.1.x
spice_project / spice	0.6.3	0.6.3.x
spice_project / spice	0.6.4	0.6.4.x
spice_project / spice	0.5.3	0.5.3.x
spice_project / spice	0.5.2	0.5.2.x
spice_project / spice	0.11.0	0.11.0.x
spice_project / spice	0.8.3	0.8.3.x
spice_project / spice	0.6.1	0.6.1.x
spice_project / spice	0.9.1	0.9.1.x
spice_project / spice	0.8.2	0.8.2.x
spice_project / spice	0.7.1	0.7.1.x
spice_project / spice	0.11.3	0.11.3.x
spice_project / spice	0.8.1	0.8.1.x
spice_project / spice	0.12.7	0.12.7.x
spice_project / spice	0.12.0	0.12.0.x
spice_project / spice	0.6.2	0.6.2.x
spice_project / spice	0.12.4	0.12.4.x
spice_project / spice	0.7.2	0.7.2.x

Vulnerability Database

309,961

CVE-2017-7506

Deep Security Visibility Without the Complexity