Wind River Support Network

HomeDefectsLIN9-9390
Fixed

LIN9-9390 : Security Advisory - libcroco - CVE-2017-7961

Created: Dec 2, 2019    Updated: Jan 21, 2020
Resolved Date: Jan 21, 2020
Found In Version: 9.0.0.1
Fix Version: 9.0.0.25
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components."

CREATE(Triage):(User=admin) [CVE-2017-7961|https://nvd.nist.gov/vuln/detail/CVE-2017-7961]

CVEs


Live chat
Online