Known Vulnerabilities for Spice by Spice Project
Listed below are 10 of the newest known vulnerabilities associated with "Spice" by "Spice Project".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-48130 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks spic... | Not Provided | 2025-06-09 | 2026-04-01 |
| CVE-2025-39532 | Missing Authorization vulnerability in spicethemes Spice Blocks spice-blocks allows Exploiting Incorrectly Configured Access ... | Not Provided | 2025-04-17 | 2026-04-01 |
| CVE-2024-44003 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spicethemes Spice Start... | Not Provided | 2024-09-18 | 2026-04-01 |
| CVE-2021-20201 | A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial ... | 5.3 - MEDIUM | 2021-05-28 | 2022-10-21 |
| CVE-2020-14355 | Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, be... | 6.6 - MEDIUM | 2020-10-07 | 2023-11-09 |
| CVE-2019-3813 | Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt.... | 7.5 - HIGH | 2019-02-04 | 2022-04-26 |
| CVE-2018-10893 | Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A ma... | 8.8 - HIGH | 2018-09-11 | 2023-02-12 |
| CVE-2018-10873 | A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked... | 8.8 - HIGH | 2018-08-17 | 2019-10-09 |
| CVE-2017-7506 | spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from auth... | 8.8 - HIGH | 2017-07-18 | 2023-02-12 |
| CVE-2016-9578 | A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the ... | 7.5 - HIGH | 2018-07-27 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Spice Project | Spice | 0.9.1 | All | All | All |
| Application | Spice Project | Spice | 0.9.0 | All | All | All |
| Application | Spice Project | Spice | 0.8.3 | All | All | All |
| Application | Spice Project | Spice | 0.8.2 | All | All | All |
| Application | Spice Project | Spice | 0.8.1 | All | All | All |
| Application | Spice Project | Spice | 0.8.0 | All | All | All |
| Application | Spice Project | Spice | 0.7.3 | All | All | All |
| Application | Spice Project | Spice | 0.7.2 | All | All | All |
| Application | Spice Project | Spice | 0.7.1 | All | All | All |
| Application | Spice Project | Spice | 0.7.0 | All | All | All |
| Application | Spice Project | Spice | 0.6.4 | All | All | All |
| Application | Spice Project | Spice | 0.6.3 | All | All | All |
| Application | Spice Project | Spice | 0.6.2 | All | All | All |
| Application | Spice Project | Spice | 0.6.1 | All | All | All |
| Application | Spice Project | Spice | 0.6.0 | All | All | All |
| Application | Spice Project | Spice | 0.5.3 | All | All | All |
| Application | Spice Project | Spice | 0.5.2 | All | All | All |
| Application | Spice Project | Spice | 0.14.1 | All | All | All |
| Application | Spice Project | Spice | 0.14.0 | All | All | All |
| Application | Spice Project | Spice | 0.13.91 | All | All | All |