CVE-2026-57965
MediumCVSS 5.1Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
An integer overflow vulnerability was found in spice-vdagent. A malicious or compromised SPICE host can send a crafted message, leading to a heap buffer overflow and crash of the spice-vdagent daemon. This results in a Denial of Service (DoS) for the virtual machine.
Risk Assessment
The risk is that an untrusted SPICE host can remotely crash the spice-vdagent daemon, causing disruption to the virtual machine and potential service unavailability.
Recommendation
Update spice-vdagent to the latest patched version. Additionally, restrict trust to SPICE hosts and monitor traffic for suspicious messages.
Original NVD description (English source)
A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service (DoS) for the virtual machine. This issue requires the SPICE host to be untrusted or compromised for exploitation.

