The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "libcroco-tools-dbgsym": "0.6.8-2ubuntu1+esm1", "libcroco-tools": "0.6.8-2ubuntu1+esm1", "libcroco3-dbgsym": "0.6.8-2ubuntu1+esm1", "libcroco3-dev": "0.6.8-2ubuntu1+esm1", "libcroco3": "0.6.8-2ubuntu1+esm1" } ] }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "libcroco-tools-dbgsym": "0.6.11-1ubuntu0.1~esm1", "libcroco-tools": "0.6.11-1ubuntu0.1~esm1", "libcroco3-dbgsym": "0.6.11-1ubuntu0.1~esm1", "libcroco3-dev": "0.6.11-1ubuntu0.1~esm1", "libcroco3": "0.6.11-1ubuntu0.1~esm1" } ] }