CVE-2020-36430
https://notcve.org/view.php?id=CVE-2020-36430
libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction. libass versiones 0.15.x anteriores a 0.15.1, presenta un desbordamiento de búfer en la región heap de la memoria en la función decode_chars (llamado desde decode_font y process_text) porque es usado el tipo de datos entero incorrecto para la sustracción • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libass/OSV-2020-2099.yaml https://github.com/libass/libass/commit/017137471d0043e0321e377ed8da48e45a3ec632 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6JUXFQUJ32GWG5E46A63DFDCYJAF3VU6 https://security.gentoo.org/glsa/202208-13 • CWE-787: Out-of-bounds Write •
CVE-2020-24994
https://notcve.org/view.php?id=CVE-2020-24994
Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file. Un desbordamiento de la pila en la función parse_tag en el archivo libass/ass_parse.c en libass versiones anteriores a 0.15.0, permite a atacantes remotos causar una denegación de servicio o una ejecución de código remota por medio de un archivo diseñado • https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e https://github.com/libass/libass/issues/422 https://github.com/libass/libass/issues/422#issuecomment-806002919 https://github.com/libass/libass/issues/423 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2020-26682
https://notcve.org/view.php?id=CVE-2020-26682
In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. En libass versión 0.14.0, la llamada de "ass_outline_construct" hacia "outline_stroke" causa un desbordamiento de enteros con signo • http://www.openwall.com/lists/oss-security/2020/11/19/7 https://github.com/libass/libass/issues/431 https://github.com/libass/libass/pull/432 https://security.gentoo.org/glsa/202012-12 • CWE-190: Integer Overflow or Wraparound •
CVE-2016-7969
https://notcve.org/view.php?id=CVE-2016-7969
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." La función wrap_lines_smart en ass_render.c en libass en versiones anteriores a 0.13.4 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de vectores no especificados, relacionados con "0/3 ecualización de envoltura de línea". • http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html http://www.openwall.com/lists/oss-security/2016/10/05/2 http://www.securityfocus.com/bid/93358 https://bugzilla.redhat.com/show_bug.cgi?id=1381960 https://github.com/libass/libass/commit/f4f48950788b91c6a30029cc28a240b834713ea7 https://github.com/libass/libass/releases/tag/0.13.4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC https://lists.fedoraproject.org/archi • CWE-125: Out-of-bounds Read •
CVE-2016-7970
https://notcve.org/view.php?id=CVE-2016-7970
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. Desbordamiento de búfer en la función calc_coeff en libass/ass_blur.c en libass en versiones anteriores a 0.13.4 permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2016/10/05/2 http://www.securityfocus.com/bid/93358 https://bugzilla.redhat.com/show_bug.cgi?id=1381960 https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75 https://github.com/libass/libass/releases/tag/0.13.4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •