Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 6 of 6 results

CVE-2020-36430

Medium priority
Ignored

libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.

1 affected packages

libass

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libass Not affected Not affected Not affected Not affected
Show less packages

CVE-2020-24994

Medium priority

Some fixes available 1 of 5

Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.

1 affected packages

libass

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libass Not affected Not affected Vulnerable Vulnerable Fixed
Show less packages

CVE-2020-26682

Medium priority
Vulnerable

In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.

1 affected packages

libass

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libass Not affected Not affected Vulnerable Vulnerable Not affected
Show less packages

CVE-2016-7972

Medium priority

Some fixes available 3 of 4

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.

1 affected packages

libass

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libass Not affected Not affected Not affected Fixed
Show less packages

CVE-2016-7970

Medium priority

Some fixes available 1 of 2

Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.

1 affected packages

libass

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libass Not affected Not affected Not affected Fixed
Show less packages

CVE-2016-7969

Low priority

Some fixes available 3 of 4

The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."

1 affected packages

libass

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libass Not affected Not affected Not affected Fixed
Show less packages