CVE-2020-36430 – Gentoo Linux Security Advisory 202208-13
https://notcve.org/view.php?id=CVE-2020-36430
20 Jul 2021 — libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction. A vulnerability in libass could result in denial of service. Versions less th... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674 • CWE-787: Out-of-bounds Write
CVE-2020-24994
https://notcve.org/view.php?id=CVE-2020-24994
23 Mar 2021 — Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file. • https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e • CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2020-26682 – Gentoo Linux Security Advisory 202012-12
https://notcve.org/view.php?id=CVE-2020-26682
16 Oct 2020 — In libass 0.14.0, `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. A vulnerability has been found in libass that could allow a remote attacker to execute arbitrary code. Versions less than 0.15.0 are affected. • http://www.openwall.com/lists/oss-security/2020/11/19/7 • CWE-190: Integer Overflow or Wraparound
CVE-2016-7972 – Gentoo Linux Security Advisory 201702-25
https://notcve.org/view.php?id=CVE-2016-7972
21 Feb 2017 — The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. Multiple vulnerabilities have been found in libass, the worst of which have unknown impacts. Versi... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html • CWE-399: Resource Management Errors
CVE-2016-7970 – Gentoo Linux Security Advisory 201702-25
https://notcve.org/view.php?id=CVE-2016-7970
21 Feb 2017 — Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. Multiple vulnerabilities have been found in libass, the worst of which have unknown impacts. Versions less than 0.13.4 are affecte... • http://www.openwall.com/lists/oss-security/2016/10/05/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-7969 – Gentoo Linux Security Advisory 201702-25
https://notcve.org/view.php?id=CVE-2016-7969
21 Feb 2017 — The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." Multiple vulnerabiliti... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html • CWE-125: Out-of-bounds Read