CVE-2017-7961

Priority
Low
Description
** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco
0.6.11 and 0.6.12 has an "outside the range of representable values of type
long" undefined behavior issue, which might allow remote attackers to cause
a denial of service (application crash) or possibly have unspecified other
impact via a crafted CSS file. NOTE: third-party analysis reports "This is
not a security issue in my view. The conversion surely is truncating the
double into a long value, but there is no impact as the value is one of the
RGB components."
References
Package
Upstream: released (0.6.11-3)
Ubuntu 12.04 ESM (Precise Pangolin): needed
Ubuntu 14.04 LTS (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 17.10 (Artful Aardvark): ignored (reached end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 18.10 (Cosmic Cuttlefish): needed
Patches:
Upstream: https://git.gnome.org/browse/libcroco/commit/?id=9ad72875e9f08e4c519ef63d44cdbd94aa9504f7
More Information

Updated: 2018-07-20 15:22:33 UTC (commit a528766076160b2c60cf56892e2070e2c83615a3)