VYPR

rpm package

opensuse/libass&distro=openSUSE Leap 15.2

pkg:rpm/opensuse/libass&distro=openSUSE%20Leap%2015.2

Vulnerabilities (3)

  • CVE-2020-36430HigJul 20, 2021
    affected < 0.14.0-lp152.4.9.1fixed 0.14.0-lp152.4.9.1

    libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.

  • CVE-2020-24994HigMar 23, 2021
    affected < 0.14.0-lp152.4.6.1fixed 0.14.0-lp152.4.6.1

    Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.

  • CVE-2020-26682HigOct 16, 2020
    affected < 0.14.0-lp152.4.3.1fixed 0.14.0-lp152.4.3.1

    In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.