CVE-2017-7960

Published: 19 April 2017

The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
libcroco Launchpad, Ubuntu, Debian	Upstream	Released (0.6.11-3)
	Ubuntu 21.04 (Hirsute Hippo)	Does not exist
	Ubuntu 20.10 (Groovy Gorilla)	Not vulnerable (0.6.13-1)
	Ubuntu 20.04 LTS (Focal Fossa)	Not vulnerable (0.6.13-1)
	Ubuntu 18.04 LTS (Bionic Beaver)	Needed
	Ubuntu 16.04 LTS (Xenial Xerus)	Needed
	Ubuntu 14.04 ESM (Trusty Tahr)	Needed
	Patches: Upstream: https://git.gnome.org/browse/libcroco/commit/?id=898e3a8c8c0314d2e6b106809a8e3e93cf9d4394

References

Bugs

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860961

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM