The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libcroco | Gnome | 0.6.12 (including) | 0.6.12 (including) |
Libcroco | Ubuntu | artful | * |
Libcroco | Ubuntu | bionic | * |
Libcroco | Ubuntu | cosmic | * |
Libcroco | Ubuntu | disco | * |
Libcroco | Ubuntu | eoan | * |
Libcroco | Ubuntu | esm-infra/bionic | * |
Libcroco | Ubuntu | esm-infra/xenial | * |
Libcroco | Ubuntu | focal | * |
Libcroco | Ubuntu | groovy | * |
Libcroco | Ubuntu | precise/esm | * |
Libcroco | Ubuntu | trusty | * |
Libcroco | Ubuntu | trusty/esm | * |
Libcroco | Ubuntu | upstream | * |
Libcroco | Ubuntu | vivid/stable-phone-overlay | * |
Libcroco | Ubuntu | xenial | * |
Libcroco | Ubuntu | yakkety | * |
Libcroco | Ubuntu | zesty | * |