CVE-2017-7960 — Out-of-bounds Read in Libcroco

CWE-125 — Out-of-bounds Read11 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 39.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Libcroco

Timeline

PublishedApr 19

Latest updateAug 13

Description

The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Alpinegnome/libcroco< 0.6.13-r1+4

▶Ubuntugnome/libcroco< 0.6.13-1ubuntu0.1+3

▶NVDgnome/libcroco0.6.11, 0.6.12+1

Patches

Patch: blogs.gentoo.org ↗Patch: git.gnome.org ↗Patch: blogs.gentoo.org ↗

🔴Vulnerability Details

OSV

libcroco vulnerabilities↗2024-08-13

▶

GHSA

GHSA-wmq5-69f7-qrqx: The cr_input_new_from_uri function in cr-input↗2022-05-13

▶

OSV

libcroco vulnerabilities↗2022-04-26

▶

OSV

CVE-2017-7960: The cr_input_new_from_uri function in cr-input↗2017-04-19

▶

📋Vendor Advisories

Ubuntu

Libcroco vulnerabilities↗2024-08-13

▶

Ubuntu

Libcroco vulnerabilities↗2022-04-26

▶

Red Hat

libcroco: Out-of-bounds read due to missing index check in cr-input.c↗2017-04-16

▶

💬Community

Bugzilla

CVE-2017-7960 mingw-libcroco: libcroco: Out-of-bounds read due to missing index check in cr-input.c [fedora-all]↗2017-04-25

▶

Bugzilla

CVE-2017-7960 libcroco: Out-of-bounds read due to missing index check in cr-input.c↗2017-04-25

▶

Bugzilla

CVE-2017-7960 libcroco: Out-of-bounds read due to missing index check in cr-input.c [fedora-all]↗2017-04-25

▶