CVE-2017-7960

Name: CVE-2017-7960
Creator: NVD / NIST
Published: 2017-04-19T15:59:00.163+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.00%

Last modified Jun 17, 2026

CVE-2017-7960 is a vulnerability of currently unknown severity. The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.. EPSS estimates a 2.00% chance of exploitation in the next 30 days.

Description

The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.

Metrics

EPSS Probability

2.00%

78.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-125

Affected Software

Vendor	Product	Versions
Gnome	Libcroco	0.6.11
Gnome	Libcroco	0.6.12

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.html
https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/Exploit, Patch, Third Party Advisory
https://git.gnome.org/browse/libcroco/commit/?id=898e3a8c8c0314d2e6b106809a8e3e93cf9d4394Patch, Third Party Advisory
https://security.gentoo.org/glsa/201707-13Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.html
https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/Exploit, Patch, Third Party Advisory
https://git.gnome.org/browse/libcroco/commit/?id=898e3a8c8c0314d2e6b106809a8e3e93cf9d4394Patch, Third Party Advisory
https://security.gentoo.org/glsa/201707-13Third Party Advisory

Timeline

Published: Apr 19, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-7960?

The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.

How severe is CVE-2017-7960?

Severity scoring for CVE-2017-7960 is pending analysis. The EPSS model estimates a 2.00% probability of exploitation in the next 30 days.

How do I fix CVE-2017-7960?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-7960?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST