ID CVE-2017-8871
Summary The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
References
Vulnerable Configurations
  • cpe:2.3:a:gnome:libcroco:0.6.12:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:libcroco:0.6.12:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 19-08-2020 - 19:12)
Impact:
Exploitability:
CWE CWE-835
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:C
refmap via4
exploit-db 42147
misc https://bugzilla.gnome.org/show_bug.cgi?id=782649
mlist [oss-security] 20200813 Re: Re: [FD] libcroco multiple vulnerabilities
suse openSUSE-SU-2019:1575
Last major update 19-08-2020 - 19:12
Published 12-06-2017 - 06:29
Last modified 19-08-2020 - 19:12
Back to Top