← Back

Libass Project

libass_project

6 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Libass
libass
6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-36430
2Fedoraproject
Libass Project
2Fedora
Libass
Nov 21, 2024
Jul 20, 2021
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.
CVE-2020-24994
1Libass Project
1Libass
Nov 21, 2024
Mar 23, 2021
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.
CVE-2020-26682
1Libass Project
1Libass
Nov 21, 2024
Oct 16, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.
CVE-2016-7972
3Fedoraproject
Libass ProjectOpensuse
4Fedora
LeapLibass+1 more
May 13, 2026
Mar 3, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
CVE-2016-7970
2Fedoraproject
Libass Project
2Fedora
Libass
May 13, 2026
Mar 3, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2016-7969
3Fedoraproject
Libass ProjectOpensuse
4Fedora
LeapLibass+1 more
May 13, 2026
Mar 3, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."