Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2017-7961

Published: 19/04/2017 Updated: 17/05/2024
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Gnome

Vulnerability Summary

The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnome libcroco 0.6.12

gnome libcroco 0.6.11

Vendor Advisories

Debian CVElist Bug Report Logs: libcroco: CVE-2017-7960 CVE-2017-7961
Debian Bug report logs - #860961 libcroco: CVE-2017-7960 CVE-2017-7961 Package: src:libcroco; Maintainer for src:libcroco is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 22 Apr 2017 17:54:02 UTC Severity: important Tags: pat ...
Red Hat: CVE-2017-7961
** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzrc in libcroco 0611 and 0612 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file NOTE: third-party a ...

References

CWE-119https://git.gnome.org/browse/libcroco/commit/?id=9ad72875e9f08e4c519ef63d44cdbd94aa9504f7https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/https://bugzilla.suse.com/show_bug.cgi?id=1034482http://openwall.com/lists/oss-security/2017/04/24/2https://security.gentoo.org/glsa/201707-13http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860961https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2017-7961
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook