CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-8834

The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 75.6%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.3

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.html
http://www.openwall.com/lists/oss-security/2020/08/13/3
https://bugzilla.gnome.org/show_bug.cgi?id=782647
https://www.exploit-db.com/exploits/42147/
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.html
http://www.openwall.com/lists/oss-security/2020/08/13/3
https://bugzilla.gnome.org/show_bug.cgi?id=782647
https://www.exploit-db.com/exploits/42147/

Products affected by CVE-2017-8834

Gnome » Libcroco » Version: 0.6.12

cpe:2.3:a:gnome:libcroco:0.6.12
Opensuse » Leap » Version: 42.3

cpe:2.3:o:opensuse:leap:42.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-8834

Products

Pricing

Contact Us