Описание
libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Issue TrackingPatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 0.15.0 (включая) до 0.15.1 (исключая)
cpe:2.3:a:libass_project:libass:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00311
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-787
Связанные уязвимости
CVSS3: 7.8
ubuntu
больше 4 лет назад
libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.
CVSS3: 7.8
debian
больше 4 лет назад
libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode ...
EPSS
Процентиль: 54%
0.00311
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-787