Libast
by Libast
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7972 | Hig | 0.49 | 7.5 | 0.05 | Mar 3, 2017 | The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. | ||
| CVE-2016-7970 | Hig | 0.49 | 7.5 | 0.05 | Mar 3, 2017 | Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. | ||
| CVE-2016-7969 | Hig | 0.49 | 7.5 | 0.04 | Mar 3, 2017 | The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." | ||
| CVE-2020-36430 | Hig | 0.44 | 7.8 | 0.01 | Jul 20, 2021 | libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction. | ||
| CVE-2020-24994 | Hig | 0.00 | 8.8 | 0.03 | Mar 23, 2021 | Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file. | ||
| CVE-2020-26682 | Hig | 0.00 | 8.8 | 0.02 | Oct 16, 2020 | In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. | ||
| CVE-2006-0224 | 0.00 | — | 0.01 | Jan 25, 2006 | Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name). |
- risk 0.49cvss 7.5epss 0.05
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
- risk 0.49cvss 7.5epss 0.05
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.
- risk 0.49cvss 7.5epss 0.04
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
- risk 0.44cvss 7.8epss 0.01
libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.
- risk 0.00cvss 8.8epss 0.03
Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.
- risk 0.00cvss 8.8epss 0.02
In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.
- CVE-2006-0224Jan 25, 2006risk 0.00cvss —epss 0.01
Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name).