View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-8871 severity low: SUSE including 35 source package names (libcroco, libcroco-0.6.11-12.3.1, …), 91 product×package rows across 49 product lines (Image SLES12-SP5-Azure-BYOS, Image SLES12-SP5-Azure-Basic-On-Demand, … (49 product lines)): Fixed 87, Known Not Affected 4.
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.