Debian Libass vulnerabilities

6 known vulnerabilities affecting debian/libass.

Total CVEs

6

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH6

Vulnerabilities

Page 1 of 1

CVE-2020-26682HIGHCVSS 8.8fixed in libass 1:0.15.0-1 (bookworm)2020

CVE-2020-26682 [HIGH] CVE-2020-26682: libass - In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes ... In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. Scope: local bookworm: resolved (fixed in 1:0.15.0-1) bullseye: resolved (fixed in 1:0.15.0-1) forky: resolved (fixed in 1:0.15.0-1) sid: resolved (fixed in 1:0.15.0-1) trixie: resolved (fixed in 1:0.15.0-1)

CVE-2020-24994HIGHCVSS 8.8fixed in libass 1:0.15.0-1 (bookworm)2020

CVE-2020-24994 [HIGH] CVE-2020-24994: libass - Stack overflow in the parse_tag function in libass/ass_parse.c in libass before ... Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file. Scope: local bookworm: resolved (fixed in 1:0.15.0-1) bullseye: resolved (fixed in 1:0.15.0-1) forky: resolved (fixed in 1:0.15.0-1) sid: resolved (fixed in 1:0.15.0-1) trixie: resolve

CVE-2020-36430HIGHCVSS 7.8fixed in libass 1:0.15.0-2 (bookworm)2020

CVE-2020-36430 [HIGH] CVE-2020-36430: libass - libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (ca... libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction. Scope: local bookworm: resolved (fixed in 1:0.15.0-2) bullseye: resolved (fixed in 1:0.15.0-2) forky: resolved (fixed in 1:0.15.0-2) sid: resolved (fixed in 1:0.15.0-2) trixie: resolved (f

CVE-2016-7970HIGHCVSS 7.5fixed in libass 0.13.4-1 (bookworm)2016

CVE-2016-7970 [HIGH] CVE-2016-7970: libass - Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before... Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. Scope: local bookworm: resolved (fixed in 0.13.4-1) bullseye: resolved (fixed in 0.13.4-1) forky: resolved (fixed in 0.13.4-1) sid: resolved (fixed in 0.13.4-1) trixie: resolved (fixed in 0.13.4-1)

CVE-2016-7972HIGHCVSS 7.5fixed in libass 0.13.4-1 (bookworm)2016

CVE-2016-7972 [HIGH] CVE-2016-7972: libass - The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 al... The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. Scope: local bookworm: resolved (fixed in 0.13.4-1) bullseye: resolved (fixed in 0.13.4-1) forky: resolved (fixed in 0.13.4-1) sid: resolved (fixed in 0.13.4-1) trixie: resolved (fixed in

CVE-2016-7969HIGHCVSS 7.5fixed in libass 0.13.4-1 (bookworm)2016

CVE-2016-7969 [HIGH] CVE-2016-7969: libass - The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows rem... The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." Scope: local bookworm: resolved (fixed in 0.13.4-1) bullseye: resolved (fixed in 0.13.4-1) forky: resolved (fixed in 0.13.4-1) sid: resolved (fixed in 0.13.4