CVE-2016-9578
7.5
HIGH
CVSS 3.1
EPSS 3.3%
Description
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.
How to fix CVE-2016-9578
To remediate CVE-2016-9578, upgrade the affected package to a fixed version below.
- Alpine/spice—upgrade to 0.12.8-r3 or later
- Debian/spice—upgrade to 0.12.8-2.1 or later
Is CVE-2016-9578 being exploited?
Low — EPSS is 3.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.12.8-r3
- from 0, < 0.12.8-2.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |