Published: 19/04/2017 Updated: 03/10/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote malicious users to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome libcroco 0.6.11
gnome libcroco 0.6.12

Debian Bug report logs - #860961 libcroco: CVE-2017-7960 CVE-2017-7961 Package: src:libcroco; Maintainer for src:libcroco is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 22 Apr 2017 17:54:02 UTC Severity: important Tags: pat ...

Several security issues were fixed in Libcroco ...

The cr_input_new_from_uri function in cr-inputc in libcroco 0611 and 0612 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file ...

CWE-125 https://git.gnome.org/browse/libcroco/commit/?id=898e3a8c8c0314d2e6b106809a8e3e93cf9d4394 https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/https://security.gentoo.org/glsa/201707-13 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860961 https://nvd.nist.gov https://ubuntu.com/security/notices/USN-5389-1

CVE-2017-7960

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect