Ubuntu Security Notice 5389-1 - It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. It was discovered that Libcroco was incorrectly handling invalid UTF-8 values when processing CSS files. An attacker could possibly use this issue to cause a denial of service.
55f0191b02e02399bd4983d04afd3a49a8ceefe82368abffe402e2f5e947687c
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco version 0.6.12 can cause a denial of service (memory allocation error) via a crafted CSS file.
366b354d9941351241af58cad87bacc3ce236b5504a9d75b69f7f88ab2e202f7