Bug 782649 - (CVE-2017-8871) libcroco 0.6.12 DoS 2
Status: RESOLVED WONTFIX
Product: libcroco
Classification: Core
Component: General
Version: 0.6.x
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: libcroco maintainers
libcroco maintainers
gnome[unmaintained]
Depends on:
Blocks:
 
 
Reported: 2017-05-15 08:37 UTC by qflb.wu
Modified: 2020-08-11 15:46 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
./csslint-0.6 --dump-location poc2.css (3.77 KB, text/css)
2017-05-15 08:37 UTC, qflb.wu

Description qflb.wu 2017-05-15 08:37:07 UTC
Created attachment 351857
./csslint-0.6 --dump-location poc2.css

The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 has a bug that results in denial of service (infinite loop and CPU consumption) via a crafted CSS file.

./csslint-0.6 --dump-location poc2.css
Comment 1 Alan Coopersmith 2017-06-08 17:13:24 UTC
This was assigned CVE-2017-8871 according to
http://seclists.org/fulldisclosure/2017/Jun/10
Comment 2 Mike Gorse 2019-05-02 16:04:21 UTC
I think that this can be closed as a duplicate of bug 782647. Both are cases of not handling invalid UTF-8.
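
Added example, not part of the original report and not libcroco code: Comment 2 attributes the hang to invalid UTF-8 not being handled, so a caller of an unmaintained parser can reject malformed UTF-8 before parsing. `utf8_valid` and the sample buffer are hypothetical and constructed for illustration; that this pre-check covers every input reaching the loop is an assumption based on that comment.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not a libcroco API): returns 1 if buf[0..len) is
 * well-formed UTF-8 per RFC 3629, else 0. On failure *bad_off (if non-NULL)
 * receives the offset of the first byte of the offending sequence. */
int utf8_valid(const unsigned char *buf, size_t len, size_t *bad_off)
{
    size_t i = 0;
    while (i < len) {
        unsigned char c = buf[i];
        size_t need;        /* continuation bytes expected */
        uint32_t cp, min;   /* decoded code point, smallest legal value */

        if (c < 0x80) { i++; continue; }
        else if ((c & 0xE0) == 0xC0) { need = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { need = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { need = 3; cp = c & 0x07; min = 0x10000; }
        else goto bad;      /* stray continuation byte or 0xF8..0xFF */

        if (len - i - 1 < need) goto bad;            /* truncated sequence */
        for (size_t k = 1; k <= need; k++) {
            if ((buf[i + k] & 0xC0) != 0x80) goto bad;
            cp = (cp << 6) | (buf[i + k] & 0x3F);
        }
        /* reject overlong forms, UTF-16 surrogates, values above U+10FFFF */
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            goto bad;
        i += need + 1;      /* every iteration consumes at least one byte */
    }
    return 1;
bad:
    if (bad_off) *bad_off = i;
    return 0;
}

int main(void)
{
    /* Constructed sample: a CSS rule containing a lone continuation byte. */
    static const unsigned char css[] = "h1\x80 { color: red }";
    size_t off = 0;
    if (!utf8_valid(css, sizeof css - 1, &off))
        printf("rejecting input: invalid UTF-8 at byte %zu\n", off);
    else
        printf("input is valid UTF-8; safe to hand to the CSS parser\n");
    return 0;
}
```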
Comment 3 André Klapper 2020-08-11 15:46:35 UTC
libcroco is not under development anymore. Its codebase has been archived.

Closing this report as WONTFIX as part of Bugzilla Housekeeping to reflect
reality. Please feel free to reopen this ticket (or rather transfer the project
to GNOME Gitlab, as GNOME Bugzilla is being shut down) if anyone takes the
responsibility for active development again.