CVE-2017-7961Improper Restriction of Operations within the Bounds of a Memory Buffer in Libcroco

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.9%
top 24.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gnome Libcroco
Timeline
PublishedApr 19
Latest updateMay 14

Description

The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is on

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

Alpinegnome/libcroco< 0.6.13-r1+4
NVDgnome/libcroco0.6.11, 0.6.12+1

Patches

Patch: openwall.comPatch: blogs.gentoo.orgPatch: bugzilla.suse.com

🔴Vulnerability Details

3
GHSA
GHSA-w464-8qjc-r5gx: ** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr2022-05-14
OSV
CVE-2017-7961: The cr_tknzr_parse_rgb function in cr-tknzr2017-04-19
CVEList
CVE-2017-7961: The cr_tknzr_parse_rgb function in cr-tknzr2017-04-19

📋Vendor Advisories

1
Red Hat
libcroco: Undefined behavior issue in cr_tknzr_parse_rgb function2017-04-16

💬Community

3
Bugzilla
CVE-2017-7961 libcroco: Undefined behavior issue in cr_tknzr_parse_rgb function [fedora-all]2017-05-11
Bugzilla
CVE-2017-7961 libcroco: Undefined behavior issue in cr_tknzr_parse_rgb function2017-05-11
Bugzilla
CVE-2017-7961 mingw-libcroco: libcroco: Undefined behavior issue in cr_tknzr_parse_rgb function [fedora-all]2017-05-11