libass 0.15.x prior to 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.
Vulnerable Product |
---|
libass project libass |
fedoraproject fedora 34 |