92 matches found
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Impact @adobe/css-tools version 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches The issue has been resolved in 4.3.2. Workarounds None References N/A...
Regular Expression Denial Of Service (ReDoS)
@adobe/css-tools is vulnerable to Denial Of Service. The vulnerability is due to exponential regex backtracking when parsing CSS in the parse method of src/parse/index.ts, which can result in Denial of Service...
SUSE CVE-2023-26364
@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges...
Adobe css-tools security vulnerability
Adobe css-tools is a CSS parser/string generator for Node.js from Adobe USA. A security vulnerability exists in Adobe css-tools version 4.3.0 and prior versions, which stems from incorrect input validation, resulting in a minor denial of service when attempting to parse CSS...
PT-2023-7567
Name of the Vulnerable Software and Affected Versions PostCSS versions prior to 8.4.31 Description The issue affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by...
CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
Regular Expression Denial Of Service (ReDoS)
@adobe/css-tools is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability exists in index.ts due to improper input validations which allows an attacker to cause an application slowdown when parsing CSS...
Gnome Shell, gettext, libcroco: Multiple Vulnerabilities
Background GNOME Shell provides core user interface functions for the GNOME desktop, like switching to windows and launching applications. gettext contains the GNU locale utilities. libcroco is a standalone CSS2 parsing and manipulation library. Description The crparserparseanycore function in...
USN-5389-1: Libcroco vulnerabilities
It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. CVE-2017-7960 It was discovered that Libcroco was incorrectly handling invali...
Inefficient Regular Expression Complexity in fb55/nth-check
Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in nth-check. It allows cause a denial of service when parsing crafted invalid CSS nth-checks. The ReDoS vulnerabilities of the regex are mainly due to the sub-pattern \s?:+-?\s\d+? with quantified...
AZL-44802 CVE-2017-8871 affecting package libcroco 0.6.13-6
The crparserparseselectorcore function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted CSS file...
libcroco 0.6.12 - Denial of Service
libcroco 0.6.12 - Denial of Service libcroco multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= Libcroco is a standalone css2 parsing and manipulation library. The parser provides a low level event driven SAC like api and a css object model like...
libcroco 'cr_input_new_from_uri' function denial of service vulnerability
libcroco is a CSS2 parsing library. A security vulnerability exists in the 'crinputnewfromuri' function in the cr-input.c file in libcroco versions 0.6.11 and 0.6.12. A remote attacker can exploit this vulnerability to cause a denial of service heap buffer out-of-bounds read with the help of a...
Mozilla Thunderbird Multiple Vulnerabilities-01 (Oct 2014) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
Buffer overflow during CSS manipulation — Mozilla
Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow when making capitalization style changes during CSS parsing. This can cause a crash that is potentially exploitable...
MS Internet Explorer "mshtml.dll" CSS Parsing Buffer Overflow
No description provided by source. / Taken from http://www.securiteam.com/exploits/5NP042KF5A.html The exploit will create a .CSS file that should be included in an HTML file. When a user loads the HTML file, Internet Explorer will try to parse the CSS and will trigger the buffer overflow. /...
Google Chrome < 12.0.742.112 Multiple Vulnerabilities
Binary data 5970.pasl...
Google Chrome multiple vulnerabilities - Dec 10(Linux)
The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulndec10lin.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - Dec 10Linux Authors: Sooraj KS Copyright: Copyright c 2010 Greenbone Networks...
Google Chrome multiple vulnerabilities - Dec 10(Windows)
The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulndec10win.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - Dec 10Windows Authors: Sooraj KS Copyright: Copyright c 2010 Greenbone Networ...
PT-2010-5544 · Google +3 · Chrome Os +4
Name of the Vulnerable Software and Affected Versions: WebKit versions prior to 8.0.552.224 Google Chrome versions prior to 8.0.552.224 Chrome OS versions prior to 8.0.552.343 webkitgtk versions prior to 1.2.6 Description: The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp does...