{"id":"CVE-2015-5261","details":"Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.","modified":"2026-04-16T06:18:06.219944696Z","published":"2016-06-07T14:06:07Z","related":["SUSE-SU-2015:1733-1","SUSE-SU-2016:1259-1","SUSE-SU-2016:1559-1","openSUSE-SU-2024:10393-1"],"references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2015-1889.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2015-1890.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2015/dsa-3371"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2766-1"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201606-05"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1261889"},{"type":"WEB","url":"http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2015/10/06/4"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"},{"type":"WEB","url":"http://www.securitytracker.com/id/1033753"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}