CVE Catalog

CVE-2026-57965

MediumCVSS 5.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

An integer overflow vulnerability was found in spice-vdagent. A malicious or compromised SPICE host can send a crafted message, leading to a heap buffer overflow and crash of the spice-vdagent daemon. This results in a Denial of Service (DoS) for the virtual machine.

Risk Assessment

The risk is that an untrusted SPICE host can remotely crash the spice-vdagent daemon, causing disruption to the virtual machine and potential service unavailability.

Recommendation

Update spice-vdagent to the latest patched version. Additionally, restrict trust to SPICE hosts and monitor traffic for suspicious messages.

Original NVD description (English source)

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service (DoS) for the virtual machine. This issue requires the SPICE host to be untrusted or compromised for exploitation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS