Libass Project Libass vulnerabilities

6 known vulnerabilities affecting libass_project/libass.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 6

Vulnerabilities

CVE-2020-36430 | HIGH | CVSS 7.8 | ≥ 0.15.0, < 0.15.1 | 2021-07-20
CWE-787. libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.
nvd, osv
CVE-2020-24994 | HIGH | CVSS 8.8 | fixed in 0.15.0 | 2021-03-23
CWE-770. Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.
nvd, osv
CVE-2020-26682 | HIGH | CVSS 8.8 | v0.14.0 | 2020-10-16
CWE-190. In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.
nvd, osv
CVE-2016-7969 | HIGH | CVSS 7.5 | ≤ 0.13.3 | 2017-03-03
CWE-125. The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
nvd, osv
CVE-2016-7970 | HIGH | CVSS 7.5 | ≤ 0.13.3 | 2017-03-03
CWE-119. Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.
nvd, osv
CVE-2016-7972 | HIGH | CVSS 7.5 | ≤ 0.13.3 | 2017-03-03
CWE-399. The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
nvd, osv