GNOME Libcroco
By the Year
In 2024 there have been 0 vulnerabilities in GNOME Libcroco. Libcroco did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 1 | 7.10 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Libcroco vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent GNOME Libcroco Security Vulnerabilities
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c
CVE-2020-12825
7.1 - High
- May 12, 2020
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.
Stack Exhaustion
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12
CVE-2017-8834
6.5 - Medium
- June 12, 2017
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.
Buffer Overflow
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12
CVE-2017-8871
6.5 - Medium
- June 12, 2017
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
Infinite Loop
The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might
CVE-2017-7961
7.8 - High
- April 19, 2017
The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components."
Buffer Overflow