Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2017-7960

Published: 19/04/2017 Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote malicious users to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnome libcroco 0.6.11

gnome libcroco 0.6.12

Vendor Advisories

Ubuntu Security Notice: USN-5389-1: Libcroco vulnerabilities
Several security issues were fixed in Libcroco ...
Debian CVElist Bug Report Logs: libcroco: CVE-2017-7960 CVE-2017-7961
Debian Bug report logs - #860961 libcroco: CVE-2017-7960 CVE-2017-7961 Package: src:libcroco; Maintainer for src:libcroco is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 22 Apr 2017 17:54:02 UTC Severity: important Tags: pat ...
Red Hat: CVE-2017-7960
The cr_input_new_from_uri function in cr-inputc in libcroco 0611 and 0612 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file ...

References

CWE-125https://git.gnome.org/browse/libcroco/commit/?id=898e3a8c8c0314d2e6b106809a8e3e93cf9d4394https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/https://security.gentoo.org/glsa/201707-13http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.htmlhttps://ubuntu.com/security/notices/USN-5389-1https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248CVE-2024-3110CVE-2024-5552CVE-2024-29415HTML injectionCVE-2024-3095TCPtype confusionCVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook