{"id":"CVE-2017-7506","details":"spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.","modified":"2026-04-16T06:20:20.283101965Z","published":"2017-07-18T15:29:00.173Z","related":["SUSE-SU-2017:1832-1","SUSE-SU-2017:1836-1","SUSE-SU-2017:1837-1","SUSE-SU-2017:1839-1","SUSE-SU-2017:2552-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2471"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3522"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3907"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/07/14/1"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/99583"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452606"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/spice/spice","events":[{"introduced":"0"},{"last_affected":"bc5c34584168d0c6c0d1b9b49c2344f8c12c63b1"},{"introduced":"0"},{"last_affected":"0e50cdbdc376c2c1b7ac54516168410b1f64b5cf"},{"introduced":"0"},{"last_affected":"fc2a84eb5beb4424d99121e2ed79c6bebefaf27e"},{"introduced":"0"},{"last_affected":"6a26992410c6bc8824e047e8a844a90d5fae46c1"},{"introduced":"0"},{"last_affected":"bbc079955a078fa80cd5fb6a398c50f031ca383b"},{"introduced":"0"},{"last_affected":"023d9c0d9118afe64ef17295cd683594413bd36e"},{"introduced":"0"},{"last_affected":"5c3f38fb74c6d377feee07d8e51b3770ffca8ea6"},{"introduced":"0"},{"last_affected":"36542d3ef579c7e8b6d7d9a3311f1fbb1fd0c7fa"},{"introduced":"0"},{"last_affected":"998218be176b1780fff3f6f54b398c67b19b782f"},{"introduced":"0"},{"last_affected":"50a4db17107a65d6e2efc39ce64747ed60464d1e"},{"introduced":"0"},{"last_affected":"822fea8b32c7617badee123e5fa189ae356f2f87"},{"introduced":"0"},{"last_affected":"7fd8b7c971173c13842f041c1c7d51f8dc797e46"},{"introduced":"0"},{"last_affected":"9a03fbcbe49fa9817529824999ce3c155c217289"},{"introduced":"0"},{"last_affected":"f0e5a3cb77625b32050f052a8ede7ab0ca008224"},{"introduced":"0"},{"last_affected":"4a26fa01cdd1c341d5f0cca08655c9c08064b987"},{"introduced":"0"},{"last_affected":"7cb2997c7134e2e08a5f00274bb4f0b212531166"},{"introduced":"0"},{"last_affected":"75dacb8d62b30cd08a3e6286d6c36e77e3e21254"},{"introduced":"0"},{"last_affected":"c47bb16e9025ad3e427d480146d150acc9996063"},{"introduced":"0"},{"last_affected":"2f4115e52eeea3039a9e230d8c79ab42691a7dbf"},{"introduced":"0"},{"last_affected":"5cbffe794f156814bc1082b2a887ce6d62e87532"},{"introduced":"0"},{"last_affected":"8ac808918c96785f3795c253ea302f613f6413de"},{"introduced":"0"},{"last_affected":"dc3cd205dda4d76f4afecd64d4d5abde81545e6d"},{"introduced":"0"},{"last_affected":"55ebd0a1c02e4323b1a8a39d59ea2c066ea45fa2"},{"introduced":"0"},{"last_affected":"59ff2f9221f3d78d4a12b7da6d8d6e2fb499ca10"},{"introduced":"0"},{"last_affected":"b270fb010a3ddb432dfe6b15e4bdffa6ac086cd0"},{"introduced":"0"},{"last_affected":"1aac71d51ca6034327a91616310bb03b44c081ef"},{"introduced":"0"},{"last_affected":"9e75019e653f4f79d5287ba8288726ad88f97fee"},{"introduced":"0"},{"last_affected":"4d67c41aa77b535116357023c96499949f7bfc56"},{"introduced":"0"},{"last_affected":"6e66366f9b05b0440df97de084ea1a92990a8874"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.5.2"},{"introduced":"0"},{"last_affected":"0.5.3"},{"introduced":"0"},{"last_affected":"0.6.0"},{"introduced":"0"},{"last_affected":"0.6.1"},{"introduced":"0"},{"last_affected":"0.6.2"},{"introduced":"0"},{"last_affected":"0.6.3"},{"introduced":"0"},{"last_affected":"0.6.4"},{"introduced":"0"},{"last_affected":"0.7.0"},{"introduced":"0"},{"last_affected":"0.7.1"},{"introduced":"0"},{"last_affected":"0.7.2"},{"introduced":"0"},{"last_affected":"0.7.3"},{"introduced":"0"},{"last_affected":"0.8.0"},{"introduced":"0"},{"last_affected":"0.8.1"},{"introduced":"0"},{"last_affected":"0.8.2"},{"introduced":"0"},{"last_affected":"0.8.3"},{"introduced":"0"},{"last_affected":"0.9.0"},{"introduced":"0"},{"last_affected":"0.9.1"},{"introduced":"0"},{"last_affected":"0.10.0"},{"introduced":"0"},{"last_affected":"0.10.1"},{"introduced":"0"},{"last_affected":"0.11.0"},{"introduced":"0"},{"last_affected":"0.11.3"},{"introduced":"0"},{"last_affected":"0.12.0"},{"introduced":"0"},{"last_affected":"0.12.2"},{"introduced":"0"},{"last_affected":"0.12.3"},{"introduced":"0"},{"last_affected":"0.12.4"},{"introduced":"0"},{"last_affected":"0.12.5"},{"introduced":"0"},{"last_affected":"0.12.6"},{"introduced":"0"},{"last_affected":"0.12.8"},{"introduced":"0"},{"last_affected":"0.13.0"}]}}],"versions":["0.10.0","0.10.1","0.11.0","0.11.3","0.12.0","0.5.2","0.5.3","0.6.0","0.6.1","0.6.2","0.6.3","0.6.4","0.7.0","0.7.1","0.7.2","0.7.3","0.8.0","0.8.1","0.8.2","0.8.3","0.9.0","0.9.1","v0.12.0","v0.12.2","v0.12.3","v0.12.4","v0.12.5","v0.12.6","v0.12.8","v0.13.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.12.7"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7506.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}