Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for libass by libass_project
CVE-2020-36430 (GCVE-0-2020-36430)
Vulnerability from cvelistv5 – Published: 2021-07-20 06:47 – Updated: 2024-08-04 17:30
VLAI
Summary
libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/google/oss-fuzz-vulns/blob/mai… | x_refsource_MISC |
| https://bugs.chromium.org/p/oss-fuzz/issues/detai… | x_refsource_MISC |
| https://github.com/libass/libass/commit/017137471… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/202208-13 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libass/OSV-2020-2099.yaml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libass/libass/commit/017137471d0043e0321e377ed8da48e45a3ec632"
},
{
"name": "FEDORA-2022-2af150223a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6JUXFQUJ32GWG5E46A63DFDCYJAF3VU6/"
},
{
"name": "GLSA-202208-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T05:06:33.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libass/OSV-2020-2099.yaml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libass/libass/commit/017137471d0043e0321e377ed8da48e45a3ec632"
},
{
"name": "FEDORA-2022-2af150223a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6JUXFQUJ32GWG5E46A63DFDCYJAF3VU6/"
},
{
"name": "GLSA-202208-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-36430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libass/OSV-2020-2099.yaml",
"refsource": "MISC",
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libass/OSV-2020-2099.yaml"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674"
},
{
"name": "https://github.com/libass/libass/commit/017137471d0043e0321e377ed8da48e45a3ec632",
"refsource": "MISC",
"url": "https://github.com/libass/libass/commit/017137471d0043e0321e377ed8da48e45a3ec632"
},
{
"name": "FEDORA-2022-2af150223a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JUXFQUJ32GWG5E46A63DFDCYJAF3VU6/"
},
{
"name": "GLSA-202208-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-36430",
"datePublished": "2021-07-20T06:47:14.000Z",
"dateReserved": "2021-07-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:30:08.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24994 (GCVE-0-2020-24994)
Vulnerability from cvelistv5 – Published: 2021-03-23 19:32 – Updated: 2024-08-04 15:26
VLAI
Summary
Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/libass/libass/issues/422 | x_refsource_MISC |
| https://github.com/libass/libass/issues/423 | x_refsource_MISC |
| https://github.com/libass/libass/issues/422#issue… | x_refsource_MISC |
| https://github.com/libass/libass/commit/6835731c2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:08.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libass/libass/issues/422"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libass/libass/issues/423"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libass/libass/issues/422#issuecomment-806002919"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-19T18:36:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libass/libass/issues/422"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libass/libass/issues/423"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libass/libass/issues/422#issuecomment-806002919"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libass/libass/issues/422",
"refsource": "MISC",
"url": "https://github.com/libass/libass/issues/422"
},
{
"name": "https://github.com/libass/libass/issues/423",
"refsource": "MISC",
"url": "https://github.com/libass/libass/issues/423"
},
{
"name": "https://github.com/libass/libass/issues/422#issuecomment-806002919",
"refsource": "MISC",
"url": "https://github.com/libass/libass/issues/422#issuecomment-806002919"
},
{
"name": "https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e",
"refsource": "MISC",
"url": "https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24994",
"datePublished": "2021-03-23T19:32:27.000Z",
"dateReserved": "2020-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:26:08.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26682 (GCVE-0-2020-26682)
Vulnerability from cvelistv5 – Published: 2020-10-16 13:19 – Updated: 2024-08-04 15:56
VLAI
Summary
In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/libass/libass/issues/431 | x_refsource_MISC |
| https://github.com/libass/libass/pull/432 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2020/11/19/7 | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/202012-12 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:05.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libass/libass/issues/431"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libass/libass/pull/432"
},
{
"name": "[oss-security] 20201119 Re: libass ass_outline.c signed integer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/19/7"
},
{
"name": "GLSA-202012-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202012-12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libass 0.14.0, the `ass_outline_construct`\u0027s call to `outline_stroke` causes a signed integer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-23T21:06:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libass/libass/issues/431"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libass/libass/pull/432"
},
{
"name": "[oss-security] 20201119 Re: libass ass_outline.c signed integer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/19/7"
},
{
"name": "GLSA-202012-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202012-12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In libass 0.14.0, the `ass_outline_construct`\u0027s call to `outline_stroke` causes a signed integer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libass/libass/issues/431",
"refsource": "MISC",
"url": "https://github.com/libass/libass/issues/431"
},
{
"name": "https://github.com/libass/libass/pull/432",
"refsource": "MISC",
"url": "https://github.com/libass/libass/pull/432"
},
{
"name": "[oss-security] 20201119 Re: libass ass_outline.c signed integer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/11/19/7"
},
{
"name": "GLSA-202012-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202012-12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26682",
"datePublished": "2020-10-16T13:19:23.000Z",
"dateReserved": "2020-10-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:56:05.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7970 (GCVE-0-2016-7970)
Vulnerability from cvelistv5 – Published: 2017-03-03 16:00 – Updated: 2024-08-06 02:13
VLAI
Summary
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201702-25 | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/93358 | vdb-entryx_refsource_BID |
| https://github.com/libass/libass/releases/tag/0.13.4 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1381960 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2016/10/05/2 | mailing-listx_refsource_MLIST |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://github.com/libass/libass/pull/240/commits… | x_refsource_CONFIRM |
Date Public
2016-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201702-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"name": "93358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-03T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201702-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"name": "93358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"name": "93358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93358"
},
{
"name": "https://github.com/libass/libass/releases/tag/0.13.4",
"refsource": "CONFIRM",
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
},
{
"name": "https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75",
"refsource": "CONFIRM",
"url": "https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7970",
"datePublished": "2017-03-03T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:13:21.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7972 (GCVE-0-2016-7972)
Vulnerability from cvelistv5 – Published: 2017-03-03 16:00 – Updated: 2024-08-06 02:13
VLAI
Summary
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201702-25 | vendor-advisoryx_refsource_GENTOO |
| https://github.com/libass/libass/pull/240/commits… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/93358 | vdb-entryx_refsource_BID |
| https://github.com/libass/libass/releases/tag/0.13.4 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1381960 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-updates/2016-1… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2016/10/05/2 | mailing-listx_refsource_MLIST |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Date Public
2016-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201702-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b"
},
{
"name": "93358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "openSUSE-SU-2016:3087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-03T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201702-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b"
},
{
"name": "93358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "openSUSE-SU-2016:3087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"name": "https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b",
"refsource": "CONFIRM",
"url": "https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b"
},
{
"name": "93358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93358"
},
{
"name": "https://github.com/libass/libass/releases/tag/0.13.4",
"refsource": "CONFIRM",
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "openSUSE-SU-2016:3087",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7972",
"datePublished": "2017-03-03T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:13:21.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7969 (GCVE-0-2016-7969)
Vulnerability from cvelistv5 – Published: 2017-03-03 16:00 – Updated: 2024-08-06 02:13
VLAI
Summary
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201702-25 | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/93358 | vdb-entryx_refsource_BID |
| https://github.com/libass/libass/releases/tag/0.13.4 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1381960 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-updates/2016-1… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2016/10/05/2 | mailing-listx_refsource_MLIST |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://github.com/libass/libass/commit/f4f489507… | x_refsource_CONFIRM |
Date Public
2016-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201702-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"name": "93358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "openSUSE-SU-2016:3087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libass/libass/commit/f4f48950788b91c6a30029cc28a240b834713ea7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to \"0/3 line wrapping equalization.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-08T17:28:51.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201702-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"name": "93358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "openSUSE-SU-2016:3087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libass/libass/commit/f4f48950788b91c6a30029cc28a240b834713ea7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to \"0/3 line wrapping equalization.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"name": "93358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93358"
},
{
"name": "https://github.com/libass/libass/releases/tag/0.13.4",
"refsource": "CONFIRM",
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "openSUSE-SU-2016:3087",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
},
{
"name": "https://github.com/libass/libass/commit/f4f48950788b91c6a30029cc28a240b834713ea7",
"refsource": "CONFIRM",
"url": "https://github.com/libass/libass/commit/f4f48950788b91c6a30029cc28a240b834713ea7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7969",
"datePublished": "2017-03-03T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:13:21.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36430 (GCVE-0-2020-36430)
Vulnerability from nvd – Published: 2021-07-20 06:47 – Updated: 2024-08-04 17:30
VLAI
Summary
libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/google/oss-fuzz-vulns/blob/mai… | x_refsource_MISC |
| https://bugs.chromium.org/p/oss-fuzz/issues/detai… | x_refsource_MISC |
| https://github.com/libass/libass/commit/017137471… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/202208-13 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libass/OSV-2020-2099.yaml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libass/libass/commit/017137471d0043e0321e377ed8da48e45a3ec632"
},
{
"name": "FEDORA-2022-2af150223a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6JUXFQUJ32GWG5E46A63DFDCYJAF3VU6/"
},
{
"name": "GLSA-202208-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T05:06:33.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libass/OSV-2020-2099.yaml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libass/libass/commit/017137471d0043e0321e377ed8da48e45a3ec632"
},
{
"name": "FEDORA-2022-2af150223a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6JUXFQUJ32GWG5E46A63DFDCYJAF3VU6/"
},
{
"name": "GLSA-202208-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-36430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libass/OSV-2020-2099.yaml",
"refsource": "MISC",
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libass/OSV-2020-2099.yaml"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674"
},
{
"name": "https://github.com/libass/libass/commit/017137471d0043e0321e377ed8da48e45a3ec632",
"refsource": "MISC",
"url": "https://github.com/libass/libass/commit/017137471d0043e0321e377ed8da48e45a3ec632"
},
{
"name": "FEDORA-2022-2af150223a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JUXFQUJ32GWG5E46A63DFDCYJAF3VU6/"
},
{
"name": "GLSA-202208-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-36430",
"datePublished": "2021-07-20T06:47:14.000Z",
"dateReserved": "2021-07-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:30:08.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24994 (GCVE-0-2020-24994)
Vulnerability from nvd – Published: 2021-03-23 19:32 – Updated: 2024-08-04 15:26
VLAI
Summary
Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/libass/libass/issues/422 | x_refsource_MISC |
| https://github.com/libass/libass/issues/423 | x_refsource_MISC |
| https://github.com/libass/libass/issues/422#issue… | x_refsource_MISC |
| https://github.com/libass/libass/commit/6835731c2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:08.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libass/libass/issues/422"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libass/libass/issues/423"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libass/libass/issues/422#issuecomment-806002919"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-19T18:36:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libass/libass/issues/422"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libass/libass/issues/423"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libass/libass/issues/422#issuecomment-806002919"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libass/libass/issues/422",
"refsource": "MISC",
"url": "https://github.com/libass/libass/issues/422"
},
{
"name": "https://github.com/libass/libass/issues/423",
"refsource": "MISC",
"url": "https://github.com/libass/libass/issues/423"
},
{
"name": "https://github.com/libass/libass/issues/422#issuecomment-806002919",
"refsource": "MISC",
"url": "https://github.com/libass/libass/issues/422#issuecomment-806002919"
},
{
"name": "https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e",
"refsource": "MISC",
"url": "https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24994",
"datePublished": "2021-03-23T19:32:27.000Z",
"dateReserved": "2020-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:26:08.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26682 (GCVE-0-2020-26682)
Vulnerability from nvd – Published: 2020-10-16 13:19 – Updated: 2024-08-04 15:56
VLAI
Summary
In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/libass/libass/issues/431 | x_refsource_MISC |
| https://github.com/libass/libass/pull/432 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2020/11/19/7 | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/202012-12 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:05.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libass/libass/issues/431"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libass/libass/pull/432"
},
{
"name": "[oss-security] 20201119 Re: libass ass_outline.c signed integer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/19/7"
},
{
"name": "GLSA-202012-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202012-12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libass 0.14.0, the `ass_outline_construct`\u0027s call to `outline_stroke` causes a signed integer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-23T21:06:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libass/libass/issues/431"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libass/libass/pull/432"
},
{
"name": "[oss-security] 20201119 Re: libass ass_outline.c signed integer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/19/7"
},
{
"name": "GLSA-202012-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202012-12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In libass 0.14.0, the `ass_outline_construct`\u0027s call to `outline_stroke` causes a signed integer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libass/libass/issues/431",
"refsource": "MISC",
"url": "https://github.com/libass/libass/issues/431"
},
{
"name": "https://github.com/libass/libass/pull/432",
"refsource": "MISC",
"url": "https://github.com/libass/libass/pull/432"
},
{
"name": "[oss-security] 20201119 Re: libass ass_outline.c signed integer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/11/19/7"
},
{
"name": "GLSA-202012-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202012-12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26682",
"datePublished": "2020-10-16T13:19:23.000Z",
"dateReserved": "2020-10-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:56:05.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7972 (GCVE-0-2016-7972)
Vulnerability from nvd – Published: 2017-03-03 16:00 – Updated: 2024-08-06 02:13
VLAI
Summary
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201702-25 | vendor-advisoryx_refsource_GENTOO |
| https://github.com/libass/libass/pull/240/commits… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/93358 | vdb-entryx_refsource_BID |
| https://github.com/libass/libass/releases/tag/0.13.4 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1381960 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-updates/2016-1… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2016/10/05/2 | mailing-listx_refsource_MLIST |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Date Public
2016-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201702-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b"
},
{
"name": "93358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "openSUSE-SU-2016:3087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-03T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201702-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b"
},
{
"name": "93358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "openSUSE-SU-2016:3087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"name": "https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b",
"refsource": "CONFIRM",
"url": "https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b"
},
{
"name": "93358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93358"
},
{
"name": "https://github.com/libass/libass/releases/tag/0.13.4",
"refsource": "CONFIRM",
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "openSUSE-SU-2016:3087",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7972",
"datePublished": "2017-03-03T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:13:21.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7970 (GCVE-0-2016-7970)
Vulnerability from nvd – Published: 2017-03-03 16:00 – Updated: 2024-08-06 02:13
VLAI
Summary
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201702-25 | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/93358 | vdb-entryx_refsource_BID |
| https://github.com/libass/libass/releases/tag/0.13.4 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1381960 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2016/10/05/2 | mailing-listx_refsource_MLIST |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://github.com/libass/libass/pull/240/commits… | x_refsource_CONFIRM |
Date Public
2016-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201702-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"name": "93358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-03T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201702-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"name": "93358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"name": "93358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93358"
},
{
"name": "https://github.com/libass/libass/releases/tag/0.13.4",
"refsource": "CONFIRM",
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
},
{
"name": "https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75",
"refsource": "CONFIRM",
"url": "https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7970",
"datePublished": "2017-03-03T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:13:21.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7969 (GCVE-0-2016-7969)
Vulnerability from nvd – Published: 2017-03-03 16:00 – Updated: 2024-08-06 02:13
VLAI
Summary
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201702-25 | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/93358 | vdb-entryx_refsource_BID |
| https://github.com/libass/libass/releases/tag/0.13.4 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1381960 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-updates/2016-1… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2016/10/05/2 | mailing-listx_refsource_MLIST |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://github.com/libass/libass/commit/f4f489507… | x_refsource_CONFIRM |
Date Public
2016-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201702-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"name": "93358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "openSUSE-SU-2016:3087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libass/libass/commit/f4f48950788b91c6a30029cc28a240b834713ea7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to \"0/3 line wrapping equalization.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-08T17:28:51.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201702-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"name": "93358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "openSUSE-SU-2016:3087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libass/libass/commit/f4f48950788b91c6a30029cc28a240b834713ea7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to \"0/3 line wrapping equalization.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"name": "93358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93358"
},
{
"name": "https://github.com/libass/libass/releases/tag/0.13.4",
"refsource": "CONFIRM",
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "openSUSE-SU-2016:3087",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
},
{
"name": "https://github.com/libass/libass/commit/f4f48950788b91c6a30029cc28a240b834713ea7",
"refsource": "CONFIRM",
"url": "https://github.com/libass/libass/commit/f4f48950788b91c6a30029cc28a240b834713ea7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7969",
"datePublished": "2017-03-03T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:13:21.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}