RHSA-2020:4072

Affecting libcroco package, versions <0:0.6.12-6.el7_9

medium severity

Overview

Affected versions of this package are vulnerable to RHSA-2020:4072. libcroco is a standalone Cascading Style Sheet level 2 (CSS2) parsing and manipulation library.

Security Fix(es):

* libcroco: Stack overflow in function cr_parser_parse_any_core in cr-parser.c (CVE-2020-12825)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade libcroco to version or higher.

References

CVE: RHSA-2020:4072
Snyk ID: SNYK-CENTOS7-LIBCROCO-1014942
Published: 01 Oct, 2020