Lucene search
K

96 matches found

CVE
CVE
added 2017/06/12 6:0 a.m.213 views

CVE-2017-8834

CVE-2017-8834 affects libcroco 0.6.12, via the cr_tknzr_parse_comment function in cr-tknzr.c, allowing remote denial of service (memory allocation error) through a crafted CSS file. Connected advisories (SUSE/SLE, openSUSE, RHEL, Ubuntu, Astra Linux) reference CVE-2017-8834 and related CVEs (e.g....

6.5CVSS6AI score0.03844EPSS
Exploits4References4Affected Software1
Debian CVE
Debian CVE
added 2017/06/12 6:0 a.m.42 views

CVE-2017-8871

Removed by vendor...

7.1CVSS6.3AI score0.12996EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/06/09 12:0 a.m.50 views

libcroco 0.6.12 - Denial of Service

libcroco multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= Libcroco is a standalone css2 parsing and manipulation library. The parser provides a low level event driven SAC like api and a css object model like api. Libcroco provides a CSS2...

7.1CVSS6.9AI score0.12996EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2017/05/11 1:49 p.m.18 views

CVE-2017-7961

DISPUTED The crtknzrparsergb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact v...

7.8CVSS3.9AI score0.01966EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2017/04/25 1:49 p.m.24 views

CVE-2017-7960

The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted CSS file...

5.5CVSS5.1AI score0.02001EPSS
Exploits1References1
CNVD
CNVD
added 2017/04/21 12:0 a.m.3 views

libcroco 'cr_input_new_from_uri' function denial of service vulnerability

libcroco is a CSS2 parsing library. A security vulnerability exists in the 'crinputnewfromuri' function in the cr-input.c file in libcroco versions 0.6.11 and 0.6.12. A remote attacker can exploit this vulnerability to cause a denial of service heap buffer out-of-bounds read with the help of a...

5.5CVSS5.7AI score0.02001EPSS
Exploits1References1
Prion
Prion
added 2017/04/19 3:59 p.m.16 views

Heap overflow

The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted CSS file...

4.3CVSS5.7AI score0.02001EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2017/04/19 3:59 p.m.13 views

CVE-2017-7961

The crtknzrparsergb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a...

7.8CVSS7.1AI score0.01966EPSS
Exploits1References6
NVD
NVD
added 2017/04/19 3:59 p.m.14 views

CVE-2017-7960

The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted CSS file...

5.5CVSS5.8AI score0.02001EPSS
Exploits1References4
OSV
OSV
added 2017/04/19 3:59 p.m.24 views

CVE-2017-7960

The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted CSS file...

5.5CVSS6.7AI score0.02001EPSS
Exploits1References4
Prion
Prion
added 2017/04/19 3:59 p.m.13 views

Design/Logic Flaw

DISPUTED The crtknzrparsergb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact v...

6.8CVSS7.9AI score0.01966EPSS
Exploits1References6Affected Software1
UbuntuCve
UbuntuCve
added 2017/04/19 3:59 p.m.23 views

CVE-2017-7961

The crtknzrparsergb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a...

7.8CVSS7.2AI score0.01966EPSS
Exploits1References2
Cvelist
Cvelist
added 2017/04/19 3:0 p.m.30 views

CVE-2017-7960

The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted CSS file...

5.7AI score0.02001EPSS
Exploits1References4
Cvelist
Cvelist
added 2017/04/19 3:0 p.m.26 views

CVE-2017-7961

The crtknzrparsergb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a...

7.2AI score0.01966EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2017/04/19 3:0 p.m.70 views

CVE-2017-7960

The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted CSS file...

5.5CVSS5.9AI score0.02001EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2017/04/19 3:0 p.m.446 views

CVE-2017-7961

The crtknzrparsergb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a...

7.8CVSS8AI score0.01966EPSS
Exploits1
CVE
CVE
added 2017/04/19 3:0 p.m.188 views

CVE-2017-7961

The CVE-2017-7961 issue affects libcroco up to version 0.6.12 (cr-tknzr_parse_rgb in cr-tknzr.c). The function may exhibit undefined behavior by converting a double RGB component to a long, potentially enabling denial of service (application crash) or other impact via a crafted CSS file. This is ...

7.8CVSS7.8AI score0.01966EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2017/04/19 3:0 p.m.20 views

CVE-2017-7961

The crtknzrparsergb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a...

7.6AI score0.01966EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2017/04/19 3:0 p.m.46 views

CVE-2017-7960

Removed by vendor...

5.5CVSS6.5AI score0.02001EPSS
Exploits1
NVD
NVD
added 2015/02/19 11:59 a.m.16 views

CVE-2014-6304

The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors...

5CVSS6.2AI score0.01173EPSS
Exploits0References2
Rows per page
Query Builder