vulnerability

Ubuntu: (Multiple Advisories) (CVE-2017-8834): Libcroco vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:N/A:P)	Jun 12, 2017	Apr 27, 2022	Apr 25, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:P)

Published

Jun 12, 2017

Added

Apr 27, 2022

Modified

Apr 25, 2025

Description

It was discovered that Libcroco was incorrectly accessing data structures when
reading bytes from memory, which could cause a heap buffer overflow. An attacker
could possibly use this issue to cause a denial of service. (CVE-2017-7960)

It was discovered that Libcroco was incorrectly handling invalid UTF-8 values
when processing CSS files. An attacker could possibly use this issue to cause
a denial of service. (CVE-2017-8834, CVE-2017-8871)

It was discovered that Libcroco was incorrectly implementing recursion in one
of its parsing functions, which could cause an infinite recursion loop and a
stack overflow due to stack consumption. An attacker could possibly use this
issue to cause a denial of service. (CVE-2020-12825)

Solution(s)

ubuntu-pro-upgrade-libcroco-toolsubuntu-pro-upgrade-libcroco3

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today