CVE-2017-7960

Опубликовано: 19 апр. 2017

Источник: debian

EPSS Низкий

Описание

The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libcroco	fixed	0.6.11-3		package
libcroco	no-dsa		jessie	package

Примечания

https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/
https://git.gnome.org/browse/libcroco/commit/?id=898e3a8c8c0314d2e6b106809a8e3e93cf9d4394

EPSS

Процентиль: 67%

0.00533

Низкий

Связанные уязвимости

CVE-2017-7960

CVSS3: 5.5

ubuntu

почти 9 лет назад

The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.

CVE-2017-7960

CVSS3: 3.3

redhat

почти 9 лет назад

The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.

CVE-2017-7960

CVSS3: 5.5

nvd

почти 9 лет назад

The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.

GHSA-wmq5-69f7-qrqx

CVSS3: 5.5

github

больше 3 лет назад

The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.

openSUSE-SU-2019:1575-1

suse-cvrf

больше 6 лет назад

Security update for libcroco

EPSS

Процентиль: 67%

0.00533

Низкий