Denial of Service Vulnerability in libcroco by Gnome
CVE-2017-7960

5.5MEDIUM

Key Information:

Vendor

Gnome
Status
Libcroco
Vendor
CVE Published:
19 April 2017

What is CVE-2017-7960?

The cr_input_new_from_uri function in the libcroco library allows attackers to exploit a heap-based buffer over-read vulnerability. This can be triggered through a specially crafted CSS file, leading to potential denial of service conditions. This flaw may disrupt application performance, making it critical for developers to address these specific versions to mitigate risks associated with remote exploitation.

References

https://security.gentoo.org/glsa/201707-13
vendor-advisoryx_refsource_GENTOO
https://git.gnome.org/browse/libcroco/commit/?id=898e3a8c...
x_refsource_MISC
https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-ove...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.