Lucene search

UbuntuUSN-6958-1

HistoryAug 13, 2024 - 12:00 a.m.

Libcroco vulnerabilities

2024-08-1300:00:00

ubuntu.com

libcroco

vulnerabilities

ubuntu

css

parsing

heap buffer overflow

denial of service

cve-2017-7960

invalid utf-8

recursion

stack overflow

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

AI Score

Confidence

Low

JSON

Releases

Ubuntu 20.04 LTS
Ubuntu 18.04 ESM
Ubuntu 14.04 ESM

Packages

libcroco - Cascading Style Sheet (CSS) parsing and manipulation toolkit

Details

It was discovered that Libcroco was incorrectly accessing data structures
when reading bytes from memory, which could cause a heap buffer overflow.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 14.04 LTS. (CVE-2017-7960)

It was discovered that Libcroco was incorrectly handling invalid UTF-8
values when processing CSS files. An attacker could possibly use this
issue to cause a denial of service. (CVE-2017-8834, CVE-2017-8871)

It was discovered that Libcroco was incorrectly implementing recursion in
one of its parsing functions, which could cause an infinite recursion
loop and a stack overflow due to stack consumption. An attacker could
possibly use this issue to cause a denial of service. (CVE-2020-12825)

OSVersionArchitecturePackageVersionFilename
Ubuntu20.04noarchlibcroco-tools< 0.6.13-1ubuntu0.1UNKNOWN
Ubuntu20.04noarchlibcroco-tools-dbgsym< 0.6.13-1ubuntu0.1UNKNOWN
Ubuntu20.04noarchlibcroco3< 0.6.13-1ubuntu0.1UNKNOWN
Ubuntu20.04noarchlibcroco3-dbgsym< 0.6.13-1ubuntu0.1UNKNOWN
Ubuntu20.04noarchlibcroco3-dev< 0.6.13-1ubuntu0.1UNKNOWN
Ubuntu18.04noarchlibcroco-tools< 0.6.12-2ubuntu0.1~esm1UNKNOWN
Ubuntu18.04noarchlibcroco-tools< 0.6.12-2UNKNOWN
Ubuntu18.04noarchlibcroco-tools-dbgsym< 0.6.12-2UNKNOWN
Ubuntu18.04noarchlibcroco3< 0.6.12-2UNKNOWN
Ubuntu18.04noarchlibcroco3-dbgsym< 0.6.12-2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	20.04	noarch	libcroco-tools	< 0.6.13-1ubuntu0.1	UNKNOWN
Ubuntu	20.04	noarch	libcroco-tools-dbgsym	< 0.6.13-1ubuntu0.1	UNKNOWN
Ubuntu	20.04	noarch	libcroco3	< 0.6.13-1ubuntu0.1	UNKNOWN
Ubuntu	20.04	noarch	libcroco3-dbgsym	< 0.6.13-1ubuntu0.1	UNKNOWN
Ubuntu	20.04	noarch	libcroco3-dev	< 0.6.13-1ubuntu0.1	UNKNOWN
Ubuntu	18.04	noarch	libcroco-tools	< 0.6.12-2ubuntu0.1~esm1	UNKNOWN
Ubuntu	18.04	noarch	libcroco-tools	< 0.6.12-2	UNKNOWN
Ubuntu	18.04	noarch	libcroco-tools-dbgsym	< 0.6.12-2	UNKNOWN
Ubuntu	18.04	noarch	libcroco3	< 0.6.12-2	UNKNOWN
Ubuntu	18.04	noarch	libcroco3-dbgsym	< 0.6.12-2	UNKNOWN