VYPR

Libast

by Libast

CVEs (7)

  • CVE-2016-7972HigMar 3, 2017
    risk 0.49cvss 7.5epss 0.05

    The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.

  • CVE-2016-7970HigMar 3, 2017
    risk 0.49cvss 7.5epss 0.05

    Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.

  • CVE-2016-7969HigMar 3, 2017
    risk 0.49cvss 7.5epss 0.04

    The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."

  • CVE-2020-36430HigJul 20, 2021
    risk 0.44cvss 7.8epss 0.01

    libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.

  • CVE-2020-24994HigMar 23, 2021
    risk 0.00cvss 8.8epss 0.03

    Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.

  • CVE-2020-26682HigOct 16, 2020
    risk 0.00cvss 8.8epss 0.02

    In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.

  • CVE-2006-0224Jan 25, 2006
    risk 0.00cvss epss 0.01

    Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name).