The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "binary_version": "0.6.8-2ubuntu1+esm1", "binary_name": "libcroco-tools" }, { "binary_version": "0.6.8-2ubuntu1+esm1", "binary_name": "libcroco-tools-dbgsym" }, { "binary_version": "0.6.8-2ubuntu1+esm1", "binary_name": "libcroco3" }, { "binary_version": "0.6.8-2ubuntu1+esm1", "binary_name": "libcroco3-dbgsym" }, { "binary_version": "0.6.8-2ubuntu1+esm1", "binary_name": "libcroco3-dev" } ] }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "binary_version": "0.6.11-1ubuntu0.1~esm1", "binary_name": "libcroco-tools" }, { "binary_version": "0.6.11-1ubuntu0.1~esm1", "binary_name": "libcroco-tools-dbgsym" }, { "binary_version": "0.6.11-1ubuntu0.1~esm1", "binary_name": "libcroco3" }, { "binary_version": "0.6.11-1ubuntu0.1~esm1", "binary_name": "libcroco3-dbgsym" }, { "binary_version": "0.6.11-1ubuntu0.1~esm1", "binary_name": "libcroco3-dev" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "0.6.13-1", "binary_name": "libcroco-tools" }, { "binary_version": "0.6.13-1", "binary_name": "libcroco-tools-dbgsym" }, { "binary_version": "0.6.13-1", "binary_name": "libcroco3" }, { "binary_version": "0.6.13-1", "binary_name": "libcroco3-dbgsym" }, { "binary_version": "0.6.13-1", "binary_name": "libcroco3-dev" } ] }