High severity8.8NVD Advisory· Published Mar 23, 2021· Updated Jun 17, 2026
CVE-2020-24994
CVE-2020-24994
Description
Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- libass/libassdescription
- osv-coords4 versionspkg:rpm/opensuse/libass&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/libass&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/libass&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2pkg:rpm/suse/libass&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3
< 0.14.0-lp152.4.6.1+ 3 more
- (no CPE)range: < 0.14.0-lp152.4.6.1
- (no CPE)range: < 0.14.0-3.6.1
- (no CPE)range: < 0.14.0-3.6.1
- (no CPE)range: < 0.14.0-3.6.1
Patches
Vulnerability mechanics
References
4- github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4envdPatchThird Party Advisory
- github.com/libass/libass/issues/422nvdPatchThird Party Advisory
- github.com/libass/libass/issues/422nvdIssue TrackingPatchThird Party Advisory
- github.com/libass/libass/issues/423nvdThird Party Advisory
News mentions
0No linked articles in our index yet.