5 matches found
CVE-2020-12825
CVE-2020-12825 affects libcroco
CVE-2017-8834
CVE-2017-8834 affects libcroco 0.6.12, via the cr_tknzr_parse_comment function in cr-tknzr.c, allowing remote denial of service (memory allocation error) through a crafted CSS file. Connected advisories (SUSE/SLE, openSUSE, RHEL, Ubuntu, Astra Linux) reference CVE-2017-8834 and related CVEs (e.g....
CVE-2017-8871
CVE-2017-8871 affects libcroco (cr-parser.c: cr_parser_parse_selector_core) where a crafted CSS file can trigger an infinite loop and CPU exhaustion, leading to denial of service. The issue is in libcroco 0.6.12; multiple bulletins note the same root cause across distros (e.g., SUSE-SU-2020:1535-...
CVE-2017-7961
The CVE-2017-7961 issue affects libcroco up to version 0.6.12 (cr-tknzr_parse_rgb in cr-tknzr.c). The function may exhibit undefined behavior by converting a double RGB component to a long, potentially enabling denial of service (application crash) or other impact via a crafted CSS file. This is ...
CVE-2017-7960
CVE-2017-7960 affects libcroco 0.6.11 and 0.6.12. The vulnerability is triggered by a crafted CSS file through the cr-input_new_from_uri function in cr-input.c, leading to a heap-based buffer over-read and a potential denial of service. Connected advisories (e.g., Red Hat, Ubuntu, EulerOS/NASL en...