CVSS: 7.1 • EPSS: 2% • CPEs: 1 • EXPL: 2

12 May 2020 — libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated attacker, or an attacker utilizing social engineering, using a crafted input. The highest threat... • http://www.openwall.com/lists/oss-security/2020/08/13/3 • CWE-121: Stack-based Buffer Overflow • CWE-674: Uncontrolled Recursion

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

19 Apr 2017 — The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. It was discovered that Libcroco was incorrectly accessing data structures when reading bytes fro... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.html • CWE-125: Out-of-bounds Read

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

19 Apr 2017 — The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer