Published: 16/10/2020 Updated: 15/06/2022

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libass project libass 0.14.0

Debian Bug report logs - #975108 libass: CVE-2020-26682: Signed integer overflow Package: libass9; Maintainer for libass9 is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for libass9 is src:libass (PTS, buildd, popcon) Reported by: Ian <nobrowser@gmailcom> Date: Thu, 19 Nov 2020 05:45:08 ...

In libass 0140, the ass_outline_construct's call to outline_stroke causes a signed integer overflow ...

oss-sec mailing list archives   By Date By Thread </form>    Re: libass ass_outlinec signed integer overflow   From: Moritz Mühlenho ...

CWE-190 https://github.com/libass/libass/issues/431 https://github.com/libass/libass/pull/432 http://www.openwall.com/lists/oss-security/2020/11/19/7 https://security.gentoo.org/glsa/202012-12 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975108 https://nvd.nist.gov https://security.archlinux.org/CVE-2020-26682

CVE-2020-26682

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect