CVE-2017-7960

Priority
Low
Description
The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and
0.6.12 allows remote attackers to cause a denial of service (heap-based
buffer over-read) via a crafted CSS file.
References
Bugs
Package
Upstream:released (0.6.11-3)
Ubuntu 17.10 (Artful Aardvark):needed
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 17.04 (Zesty Zapus):needed
Patches:
Upstream:https://git.gnome.org/browse/libcroco/commit/?id=898e3a8c8c0314d2e6b106809a8e3e93cf9d4394
More Information

Updated: 2017-08-11 23:26:47 UTC (commit 13081)