NVD

Id
84995  
Name
CVE-2017-7961  
Description
** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an outside the range of representable values of type long undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-07-18  
Published
2017-04-19  
Modified Date
2017-07-10  
Seq
2017-7961  

Actions

Related NVD References

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
66884 JVNDB-2017-003209 libcroco におけるバッファエラーの脆弱性 ** 未確定 ** 本件は、脆弱性として確定していません。 CVE-2017-7961 0 CVE-2017-7961 84995 6.8 7.8 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-003209.html 2017-04-16 2017-05-19 View