libcroco: Multiple vulnerabilities — GLSA 201707-13

Multiple vulnerabilities have been found in libcroco, the worst of which may have unspecified impacts.

Affected Packages

dev-libs/libcroco on all architectures
Affected versions < 0.6.12-r1
Unaffected versions >= 0.6.12-r1

Background

libcroco is a standalone CSS2 parsing and manipulation library.

Description

Multiple vulnerabilities have been discovered in libcroco. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted CSS file possibly resulting in a Denial of Service condition or other unspecified impacts.

Workaround

There is no known workaround at this time.

Resolution

All libcroco users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/libcroco-0.6.12-r1"
 

References

Release Date
July 09, 2017

Latest Revision
July 09, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries