The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
Weakness
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libcroco | Gnome | 0.6.12 (including) | 0.6.12 (including) |
| Libcroco | Ubuntu | artful | * |
| Libcroco | Ubuntu | bionic | * |
| Libcroco | Ubuntu | cosmic | * |
| Libcroco | Ubuntu | disco | * |
| Libcroco | Ubuntu | eoan | * |
| Libcroco | Ubuntu | esm-infra-legacy/trusty | * |
| Libcroco | Ubuntu | esm-infra/bionic | * |
| Libcroco | Ubuntu | esm-infra/focal | * |
| Libcroco | Ubuntu | esm-infra/xenial | * |
| Libcroco | Ubuntu | focal | * |
| Libcroco | Ubuntu | groovy | * |
| Libcroco | Ubuntu | precise/esm | * |
| Libcroco | Ubuntu | trusty | * |
| Libcroco | Ubuntu | trusty/esm | * |
| Libcroco | Ubuntu | upstream | * |
| Libcroco | Ubuntu | vivid/stable-phone-overlay | * |
| Libcroco | Ubuntu | xenial | * |
| Libcroco | Ubuntu | yakkety | * |
| Libcroco | Ubuntu | zesty | * |
References
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.html
- http://www.openwall.com/lists/oss-security/2020/08/13/3
- https://bugzilla.gnome.org/show_bug.cgi?id=782649
- https://www.exploit-db.com/exploits/42147/
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.html
- http://www.openwall.com/lists/oss-security/2020/08/13/3
- https://bugzilla.gnome.org/show_bug.cgi?id=782649
- https://www.exploit-db.com/exploits/42147/