GNOME Libcroco

By the Year

In 2024 there have been 0 vulnerabilities in GNOME Libcroco. Libcroco did not have any published security vulnerabilities last year.

Year  Vulnerabilities  Average Score
2024  0                0.00
2023  0                0.00
2022  0                0.00
2021  0                0.00
2020  1                7.10
2019  0                0.00
2018  0                0.00

It may take a day or so for new Libcroco vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent GNOME Libcroco Security Vulnerabilities

libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c

CVE-2020-12825 7.1 - High - May 12, 2020

libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.

Stack Exhaustion

The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12

CVE-2017-8834 6.5 - Medium - June 12, 2017

The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.

Buffer Overflow

The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12

CVE-2017-8871 6.5 - Medium - June 12, 2017

The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.

Infinite Loop

The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might

CVE-2017-7961 7.8 - High - April 19, 2017

The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components."

Buffer Overflow
