Gnome · Libcroco · CVE-2017-7961
**Name of the Vulnerable Software and Affected Versions**
libcroco versions 0.6.11 through 0.6.12
**Description**
The issue is related to an "outside the range of representable values of type long" undefined behavior in the `cr_tknzr_parse_rgb` function, which could potentially allow remote attackers to cause a denial of service or have unspecified other impact via a crafted CSS file. However, third-party analysis suggests that this might not be a security issue due to the nature of the conversion and its impact.
**Recommendations**
For libcroco versions 0.6.11 and 0.6.12, consider applying a patch or fix that addresses the undefined behavior in the `cr_tknzr_parse_rgb` function to prevent potential denial of service or other impacts.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
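The undefined behavior named in the description occurs when a floating-point value that does not fit in a `long` is converted to one. The C example below is added here for illustration and is not libcroco code or an upstream patch; the function names `double_to_long_checked` and `channel_from_number`, and the choice to clamp color channels rather than reject them, are assumptions.

```c
#include <limits.h>
#include <math.h>
#include <stdbool.h>

/* Hypothetical helper: convert a double to long only when the result is
 * representable. Returns false for NaN, infinities and out-of-range values. */
bool double_to_long_checked(double v, long *out)
{
    /* -(double)LONG_MIN is an exact power of two, so it is exactly
     * representable; (double)LONG_MAX may round up to that same value,
     * which is why the upper bound uses a strict '<'. */
    const double limit = -(double)LONG_MIN;
    if (!(v >= -limit && v < limit))   /* the negated form also rejects NaN */
        return false;
    *out = (long)v;                    /* in range, so the cast is defined */
    return true;
}

/* Hypothetical helper: turn a parsed CSS number into a 0..255 channel.
 * Assumed policy: clamp to the legal range instead of failing the parse. */
bool channel_from_number(double val, bool is_percentage, long *out)
{
    if (isnan(val))
        return false;                  /* no meaningful channel value */

    /* Clamp while still in the floating-point domain: comparing doubles
     * (including +/-infinity) is well defined, the out-of-range cast is not. */
    const double max = is_percentage ? 100.0 : 255.0;
    if (val < 0.0) val = 0.0;
    if (val > max) val = max;

    long n = (long)val;                /* guaranteed to lie in 0..255 */
    if (is_percentage)
        n = n * 255 / 100;             /* scale 0..100 to 0..255 */
    *out = n;
    return true;
}
```

Building the parser with `-fsanitize=float-cast-overflow` (Clang or GCC) reports any remaining unchecked conversion of this kind at run time.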