CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
AI Score
Confidence
Low
EPSS
Percentile
76.6%
Software: libcroco 0.6.12
OS: Cobalt 7.9
CVE-ID: CVE-2017-7960
CVE-Crit: MEDIUM
CVE-DESC: The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer re-read) via a crafted CSS file.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2017-8871
CVE-Crit: MEDIUM
CVE-DESC: The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2017-8834
CVE-Crit: MEDIUM
CVE-DESC: The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2020-12825
CVE-Crit: HIGH
CVE-DESC: libcroco before 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, which causes stack consumption.
CVE-STATUS: default
CVE-REV: default
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
AI Score
Confidence
Low
EPSS
Percentile
76.6%