VDB
ALPINE-CVE-2020-14355
ALPINE-CVE-2020-14355
PUBLISHED
CVSS 6.599999904632568 MEDIUM
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
Risk Scores
CVSS v3.1
6.599999904632568
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.20 | spice | 0.10.0-r1, 0.10.1-r0, 0.12.0-r0 |
| Alpine:v3.22 | spice | 0, 0.10.0-r2, 0.10.1-r0 |
| Alpine:v3.23 | spice | 0.10.0-r0, 0.10.0-r1, 0.10.0-r2 |
| Alpine:v3.15 | spice | 0, 0.10.0-r1, 0.10.1-r0 |
| Alpine:v3.18 | spice | 0.14.0-r6, 0, 0.10.0-r0 |
| Alpine:v3.16 | spice | 0.10.0-r1, 0, 0.14.3-r1 |
| Alpine:v3.17 | spice | 0.10.0-r0, 0.10.0-r1, 0.10.0-r2 |
| Alpine:v3.19 | spice | 0.14.0-r4, 0.12.2-r1, 0 |
| Alpine:v3.21 | spice | 0.10.0-r0, 0.14.3-r1, 0.14.3-r0 |
Timeline
- Oct 7, 2020 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch