CVE-2017-8871

Published: 12 June 2017

The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
libcroco Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Needed
	cosmic	Ignored (reached end-of-life)
	disco	Ignored (reached end-of-life)
	eoan	Ignored (reached end-of-life)
	focal	Needed
	groovy	Ignored (reached end-of-life)
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	precise	Ignored (end of ESM support, was needed)
	trusty	Needed
	upstream	Ignored
	xenial	Released (0.6.11-1ubuntu0.1~esm1)
	yakkety	Ignored (reached end-of-life)
	zesty	Ignored (reached end-of-life)
	Patches: other: https://bugzilla.gnome.org/attachment.cgi?id=374219

References

Bugs

https://bugzilla.gnome.org/show_bug.cgi?id=782649

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Security