VYPR

rpm package

suse/libass&distro=SUSE Linux Enterprise Server 15 SP1-LTSS

pkg:rpm/suse/libass&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Vulnerabilities (2)

  • CVE-2020-36430HigJul 20, 2021
    affected < 0.14.0-3.9.1fixed 0.14.0-3.9.1

    libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.

  • CVE-2020-26682HigOct 16, 2020
    affected < 0.14.0-3.3.1fixed 0.14.0-3.3.1

    In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.