| Package | spice |
|---|---|
| Version | 0.11.0-1+deb7u6 |
| Related CVEs | CVE-2019-3813 |
Christophe Fergeau of RedHat found an off-by-one error in spice, a SPICE protocol client and server library, that leads to an out of bounds read, which can be exploited by a malicious client to cause denial of service or arbitrary code execution.
For Debian 7 Wheezy, these problems have been fixed in version 0.11.0-1+deb7u6.
We recommend that you upgrade your spice packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.