{
  "threat_severity" : "Moderate",
  "public_date" : "2020-05-12T00:00:00Z",
  "bugzilla" : {
    "description" : "libcroco: Stack overflow in function cr_parser_parse_any_core in cr-parser.c",
    "id" : "1835377",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1835377"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-674->CWE-121",
  "details" : [ "libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.", "A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated attacker, or an attacker utilizing social engineering, using a crafted input. The highest threat from this vulnerability is to system availability." ],
  "statement" : "While Red Hat Enterprise Linux 6, 7 and 8 ship versions of `libcroco` that are vulnerable to this flaw, the packages which use this library as a dependency would require a user to open a malicious file locally for exploitation. Opening such a file may result in a temporary crash of the application.  See below for more detailed information:\n* Red Hat Enterprise Linux 8 - `libcroco` is a runtime dependency of `gnome-shell`, `gettext` and `inkscape`.\n* Red Hat Enterprise Linux 7 - `libcroco` is a runtime dependency of  `gnome-shell`, `gettext`, `librsvg2` and `inkscape`.\n* Red Hat Enterprise Linux 6 - `libcroco` is required by `firefox` to bundle `gtk3` but `firefox` does not use `libcroco` as its CSS parsing engine or provide gtk3 to other packages, and thus not affected. `libcroco` is a runtime dependency of `inkscape`, `librsvg2` and `gettext`.\nThis flaw has only been demonstrated to cause a crash, but if there is any concern of further exploitation beyond that, Red Hat Enterprise Linux 6, 7, and 8 packages are built with a stack protector and stack ASLR which would significantly reduce the likelihood of further exploitation.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-09-29T00:00:00Z",
    "advisory" : "RHSA-2020:4072",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "libcroco-0:0.6.12-6.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-09-08T00:00:00Z",
    "advisory" : "RHSA-2020:3654",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "libcroco-0:0.6.12-4.el8_2.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "libcroco",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "gettext",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "inkscape",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "libcroco",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "gettext",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "inkscape",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "gettext",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "inkscape",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "libcroco",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-12825\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12825" ],
  "name" : "CVE-2020-12825",
  "mitigation" : {
    "value" : "To mitigate this flaw as it applies to gnome-shell, do not install untrusted gnome-shell extensions or themes. Red Hat Enterprise Linux does not ship with gnome-shell themes that will trigger this vulnerability. To mitigate this flaw as it applies to inkscape, do not open untrusted CSS in inkscape.",
    "lang" : "en:us"
  },
  "csaw" : false
}