VYPR

rpm package

suse/libass&distro=SUSE Linux Enterprise Module for Desktop Applications 15 SP3

pkg:rpm/suse/libass&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3

Vulnerabilities (2)

  • CVE-2020-36430HigJul 20, 2021
    affected < 0.14.0-3.9.1fixed 0.14.0-3.9.1

    libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.

  • CVE-2020-24994HigMar 23, 2021
    affected < 0.14.0-3.6.1fixed 0.14.0-3.6.1

    Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.