23 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-7960
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service heap-based buffer over-read via ...
USN-6958-1: Libcroco vulnerabilities
It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. CVE-2017-7960 It was discovered th...
Ubuntu 14.04 LTS / 18.04 LTS / 20.04 LTS : Libcroco vulnerabilities (USN-6958-1)
The remote Ubuntu 14.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6958-1 advisory. It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a hea...
RHEL 5 : libcroco (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libcroco: Infinite loop in the crparserparseselectorcore function CVE-2017-8871 - The crinputnewfromuri...
USN-5389-1: Libcroco vulnerabilities
It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. CVE-2017-7960 It was discovered that Libcroco was incorrectly handling invali...
Mageia: Security Advisory (MGASA-2019-0389)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Advisory ROSA-SA-2021-1865
Software: libcroco 0.6.12 OS: Cobalt 7.9 CVE-ID: CVE-2017-7960 CVE-Crit: MEDIUM CVE-DESC: The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service heap-based buffer re-read via a crafted CSS file. CVE-STATUS: default CVE-REV:...
SUSE: Security Advisory (SUSE-SU-2019:1468-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2020-1475)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2020-1251)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2019-2520)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2019-0389 Updated libcroco packages fix security vulnerability
Updated libcroco packages fix security vulnerabilities: Heap overflow input: check end of input before reading a byte CVE-2017-7960. Undefined behavior tknzr: support only max long rgb values CVE-2017-7961. Denial of service memory allocation error via a crafted CSS file CVE-2017-8834. Denial of...
openSUSE: Security Advisory for libcroco (openSUSE-SU-2019:1575-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLED12 / SLES12 Security Update : libcroco (SUSE-SU-2019:1468-1)
This update for libcroco fixes the following issues : Security issues fixed : CVE-2017-7960: Fixed heap overflow input: check end of input before reading a byte bsc1034481. CVE-2017-7961: Fixed undefined behavior tknzr: support only max long rgb values bsc1034482. CVE-2017-8834: Fixed denial of...
Debian: Security Advisory (DLA-909-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-201707-13 : libcroco: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201707-13 libcroco: Multiple vulnerabilities Multiple vulnerabilities have been discovered in libcroco. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a...
[SECURITY] [DLA 909-1] libcroco security update
Package : libcroco Version : 0.6.6-2+deb7u1 CVE ID : CVE-2017-7960 CVE-2017-7961 Debian Bug : 860961 CVE-2017-7960 A heap-based buffer over-read vulnerability could be triggered remotely via a crafted CSS file to cause a denial of service. CVE-2017-7961 An "outside the range of representable valu...
CVE-2017-7960
The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted CSS file...
CVE-2017-7960
The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted CSS file...
CVE-2017-7960
CVE-2017-7960 affects libcroco 0.6.11 and 0.6.12. The vulnerability is triggered by a crafted CSS file through the cr-input_new_from_uri function in cr-input.c, leading to a heap-based buffer over-read and a potential denial of service. Connected advisories (e.g., Red Hat, Ubuntu, EulerOS/NASL en...