 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| CVE Kennung: | CVE-2017-7961 |
| Beschreibung: | ** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components." |
| Test Kennungen: | 1.3.6.1.4.1.25623.1.0.890909 |
| Querverweise: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-7961 https://security.gentoo.org/glsa/201707-13 http://openwall.com/lists/oss-security/2017/04/24/2 https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/ https://bugzilla.suse.com/show_bug.cgi?id=1034482 https://git.gnome.org/browse/libcroco/commit/?id=9ad72875e9f08e4c519ef63d44cdbd94aa9504f7 SuSE Security Announcement: openSUSE-SU-2019:1575 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.html |