Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Mageia: 2019-0389 Moderate: Libcroco Heap Overflow and DoS Fix

mageia
Calendar Grey December 15, 2019
Dist Mageia Esm H88
The latest libcroco updates address critical security vulnerabilities such as buffer overflow risks and denial-of-service threats.
Updated libcroco packages fix security vulnerabilities: Heap overflow (input: check end of input before reading a byte) (CVE-2017-7960)

Summary

Updated libcroco packages fix security vulnerabilities:
Heap overflow (input: check end of input before reading a byte) (CVE-2017-7960).
Undefined behavior (tknzr: support only max long rgb values) (CVE-2017-7961).
Denial of service (memory allocation error) via a crafted CSS file (CVE-2017-8834).
Denial of service (infinite loop and CPU consumption) via a crafted CSS file (CVE-2017-8871).

References

- https://bugs.mageia.org/show_bug.cgi?id=21057

- - https://www.cve.org/CVERecord?id=CVE-2017-7960

- https://www.cve.org/CVERecord?id=CVE-2017-7961

- https://www.cve.org/CVERecord?id=CVE-2017-8834

- https://www.cve.org/CVERecord?id=CVE-2017-8871

Topics%20covered

Topics Covered

security advisory security update heap overflow Denial of service Mageia libcroco CSS issue

Resolution

SRPMS

- 7/core/libcroco-0.6.13-1.1.mga7

Publication date: 15 Dec 2019
URL: https://advisories.mageia.org/MGASA-2019-0389.html
Type: security
CVE: CVE-2017-7960, CVE-2017-7961, CVE-2017-8834, CVE-2017-8871

Topics%20covered

Topics Covered

security advisory security update heap overflow Denial of service Mageia libcroco CSS issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here