CVE-2015-5260 (debian_linux, enterprise_linux_desktop, enterprise_linux_hpc_node, enterprise_linux_hpc_node_eus, enterprise_linux_server, enterprise_linux_server_eus, enterprise_linux_workstation, spice, ubuntu_linux)
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.