CVE-2016-7972 — Libass vulnerability

CWE-3998 documents6 sources

Severity

7.5HIGHNVD

EPSS

3.1%

top 13.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libass Project Libass Debian Libass Fedoraproject Fedora +2 more

Timeline

PublishedMar 3

Latest updateMay 14

Description

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶debiandebian/libass< libass 0.13.4-1 (bookworm)

▶Debianlibass_project/libass< 0.13.4-1+3

▶Ubuntulibass_project/libass< 0.10.1-3ubuntu1+esm1+1

▶NVDlibass_project/libass0.13.3

▶NVDopensuse/leap42.1

Also affects: Fedora 23, 24, 25

Patches

Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-p6w9-gq3p-g5g4: The check_allocations function in libass/ass_shaper↗2022-05-14

▶

OSV

libass vulnerabilities↗2022-05-04

▶

OSV

CVE-2016-7972: The check_allocations function in libass/ass_shaper↗2017-03-03

▶

📋Vendor Advisories

Ubuntu

LibASS vulnerabilities↗2022-05-04

▶

Debian

CVE-2016-7972: libass - The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 al...↗2016

▶

💬Community

Bugzilla

CVE-2016-7969 CVE-2016-7970 CVE-2016-7971 CVE-2016-7972 libass: Multiple issues disclosed with 0.13.4 update [epel-all]↗2016-10-05

▶

Bugzilla

CVE-2016-7969 CVE-2016-7970 CVE-2016-7971 CVE-2016-7972 libass: Multiple issues disclosed with 0.13.4 update [fedora-all]↗2016-10-05

▶