Download
| Alert*
oval:org.secpod.oval:def:2101189
The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. oval:org.secpod.oval:def:1900380 The cr_input_new_from_uri function in cr-input.c in libcroco3-dev 0.6.11 and0.6.12 allows remote attackers to cause a denial of service via a crafted CSS file. oval:org.secpod.oval:def:89003237 This update for libcroco fixes the following issues: Security issues fixed: - CVE-2017-7960: Fixed heap overflow . - CVE-2017-7961: Fixed undefined behavior . - CVE-2017-8834: Fixed denial of service via a crafted CSS file . - CVE-2017-8871: Fixed denial of service via a crafted CSS file . |