PT-2020-6929 · Libcroco+9
Alan Coopersmith · Published 2020-05-09 · Updated 2026-04-17 · CVE-2020-12825
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions
libcroco versions 0.6.13 and earlier
Description
The issue is related to the cr_parser_parse_any_core function in the cr-parser.c component of the libcroco library, which is used for working with Cascading Style Sheets (CSS2). It is associated with uncontrolled recursion. Exploitation of this issue may allow a remote attacker to compromise data integrity and cause a denial of service.
Recommendations
For libcroco versions 0.6.13 and earlier, consider disabling the cr_parser_parse_any_core function as a temporary workaround until a patch is available.
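The weakness described above, as an added example that is not libcroco code and not part of this advisory: a recursive-descent parser for a simplified form of the nested ( ) and [ ] groups in the CSS2 core grammar, with a depth cap checked before each descent. The function names, status codes and the MAX_DEPTH value are assumptions chosen for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_DEPTH 64 /* assumed cap, not a libcroco constant */
enum parse_status { PARSE_OK = 0, PARSE_SYNTAX = -1, PARSE_TOO_DEEP = -2 };

/* Closing delimiter for an opening one, or 0 if c does not open a group. */
static char closer_for(char c) { return c == '(' ? ')' : c == '[' ? ']' : 0; }

/* Parse items up to expect_close (0 at top level). Each nested group costs one
 * stack frame, so depth is checked before descending; without that check a
 * long run of opening brackets recurses until the stack is exhausted. */
static enum parse_status parse_items(const char *s, size_t len, size_t *pos,
                                     char expect_close, unsigned depth)
{
    while (*pos < len) {
        char c = s[(*pos)++];
        if (c == ')' || c == ']')
            return c == expect_close ? PARSE_OK : PARSE_SYNTAX;
        char close = closer_for(c);
        if (!close)
            continue;               /* ordinary token character */
        if (depth >= MAX_DEPTH)
            return PARSE_TOO_DEEP;  /* refuse instead of recursing further */
        enum parse_status st = parse_items(s, len, pos, close, depth + 1);
        if (st != PARSE_OK)
            return st;
    }
    return expect_close ? PARSE_SYNTAX : PARSE_OK; /* unterminated group */
}

/* Entry point for a whole buffer. */
enum parse_status parse_any(const char *s, size_t len)
{
    size_t pos = 0;
    return parse_items(s, len, &pos, 0, 0);
}

/* Constructed input: n opening parentheses followed by n closing ones. */
enum parse_status parse_nested(unsigned n)
{
    char *buf = malloc(2 * (size_t)n + 1);
    if (!buf)
        return PARSE_SYNTAX;
    memset(buf, '(', n);
    memset(buf + n, ')', n);
    enum parse_status st = parse_any(buf, 2 * (size_t)n);
    free(buf);
    return st;
}
```

With the cap in place, input nested a million levels deep is rejected after 64 frames instead of consuming the stack.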
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Uncontrolled Recursion
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Libcroco