VYPR

rpm package

suse/libass&distro=SUSE Linux Enterprise High Performance Computing 15-LTSS

pkg:rpm/suse/libass&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS

Vulnerabilities (2)

  • CVE-2020-36430HigJul 20, 2021
    affected < 0.14.0-3.9.1fixed 0.14.0-3.9.1

    libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.

  • CVE-2020-26682HigOct 16, 2020
    affected < 0.14.0-3.3.1fixed 0.14.0-3.3.1

    In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.