Vulnerability CVE-2020-26682: Information

Description

In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-26682
Published: Oct. 16, 2020
Modified: June 15, 2022
Error type identifier: CWE-190

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libasssisyphus0.15.0-alt10.17.2-alt1ALT-PU-2020-3253-1261468Fixed
libassp100.15.0-alt10.16.0-alt1ALT-PU-2020-3253-1261468Fixed
libassp90.15.0-alt10.15.0-alt1ALT-PU-2020-3292-1261469Fixed
libassc10f10.15.0-alt10.16.0-alt1ALT-PU-2020-3253-1261468Fixed
libassc9f20.15.0-alt10.17.0-alt1ALT-PU-2021-2147-1276677Fixed
libassp110.15.0-alt10.17.2-alt1ALT-PU-2020-3253-1261468Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/libass/libass/issues/431
  • Exploit
  • Issue Tracking
  • Third Party Advisory
https://github.com/libass/libass/pull/432
  • Issue Tracking
  • Third Party Advisory
[oss-security] 20201119 Re: libass ass_outline.c signed integer overflow
  • Exploit
  • Issue Tracking
  • Mailing List
  • Third Party Advisory
GLSA-202012-12
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:libass_project:libass:0.14.0:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top