Libass Security Vulnerabilities and Issues — Libass CVE List

Lucene search

Libass ProjectLibass

6 matches found

CVE•added 2021/07/20 7:15 a.m.•163 views

CVE-2020-36430

libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.

7.8CVSS7.6AI score0.00126EPSS

CVE•added 2021/03/23 8:15 p.m.•141 views

CVE-2020-24994

Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.

8.8CVSS8.6AI score0.01605EPSS

CVE•added 2020/10/16 2:15 p.m.•113 views

CVE-2020-26682

In libass 0.14.0, the ass_outline_construct's call to outline_stroke causes a signed integer overflow.

8.8CVSS8.4AI score0.00446EPSS

CVE•added 2017/03/03 4:59 p.m.•71 views

CVE-2016-7972

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.

7.5CVSS7.1AI score0.02344EPSS

CVE•added 2017/03/03 4:59 p.m.•65 views

CVE-2016-7969

The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."

7.5CVSS7.2AI score0.05279EPSS

CVE•added 2017/03/03 4:59 p.m.•65 views

CVE-2016-7970

Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.

7.5CVSS7.3AI score0.0124EPSS