
Search CVE reports



1 – 5 of 5 results


CVE-2020-12825

Low priority

Some fixes available 4 of 12

libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.

2 affected packages

gnome-shell, libcroco

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| gnome-shell | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
| libcroco | Not in release | Not in release | Fixed | Fixed | Fixed |

CVE-2017-8871

Low priority

Some fixes available 4 of 11

The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.

1 affected package

libcroco

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libcroco | Not in release | Not in release | Fixed | Fixed | Fixed |

CVE-2017-8834

Low priority

Some fixes available 4 of 11

The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.

1 affected package

libcroco

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libcroco | Not in release | Not in release | Fixed | Fixed | Fixed |

CVE-2017-7961

Low priority
Ignored

** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a...

1 affected package

libcroco

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libcroco Not affected Not affected Not affected

CVE-2017-7960

Low priority

Some fixes available 2 of 8

The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.

1 affected package

libcroco

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libcroco | Not in release | Not in release | Not affected | Not affected | Fixed |