MGASA-2019-0389

Source
https://advisories.mageia.org/MGASA-2019-0389.html
Import Source
https://advisories.mageia.org/MGASA-2019-0389.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2019-0389
Published
2019-12-15T18:03:05Z
Modified
2019-12-15T17:41:58Z
Summary
Updated libcroco packages fix security vulnerability
Details

Updated libcroco packages fix security vulnerabilities:

Heap overflow (input: check end of input before reading a byte) (CVE-2017-7960).

Undefined behavior (tknzr: support only max long rgb values) (CVE-2017-7961).

Denial of service (memory allocation error) via a crafted CSS file (CVE-2017-8834).

Denial of service (infinite loop and CPU consumption) via a crafted CSS file (CVE-2017-8871).


Affected packages

Mageia:7 / libcroco

Package

Name
libcroco
Purl
pkg:rpm/mageia/libcroco?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.6.13-1.1.mga7

Ecosystem specific

{
    "section": "core"
}