CVE-2016-7969

CVE-2016-7969

Name

CVE-2016-7969

Description

The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Third Party Advisory	http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html
Mailing List	http://www.openwall.com/lists/oss-security/2016/10/05/2
Third Party Advisory	http://www.securityfocus.com/bid/93358
Issue Tracking	https://bugzilla.redhat.com/show_bug.cgi?id=1381960
Patch	https://github.com/libass/libass/commit/f4f48950788b91c6a30029cc28a240b834713ea7
Patch	https://github.com/libass/libass/releases/tag/0.13.4
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/
Patch	https://security.gentoo.org/glsa/201702-25

Type

URI

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html

Mailing List

http://www.openwall.com/lists/oss-security/2016/10/05/2

Third Party Advisory

http://www.securityfocus.com/bid/93358

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1381960

Patch

https://github.com/libass/libass/commit/f4f48950788b91c6a30029cc28a240b834713ea7

Patch

https://github.com/libass/libass/releases/tag/0.13.4

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/

Patch

https://security.gentoo.org/glsa/201702-25

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:opensuse:leap:42.1:::::::*`	leap	== None	== 42.1
`cpe:2.3:o:opensuse:opensuse:13.2:::::::*`	opensuse	== None	== 13.2

CPE URI

Source package

Min version

Max version

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

leap

== None

== 42.1

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

opensuse

== None

== 13.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libass	edge-community	0.13.4-r0	None	fixed
libass	3.22-community	0.13.4-r0	None	fixed
libass	3.21-community	0.13.4-r0	None	fixed
libass	3.20-community	0.13.4-r0	None	fixed
libass	3.19-community	0.13.4-r0	None	fixed
libass	3.18-community	0.13.4-r0	None	fixed
libass	3.17-community	0.13.4-r0	None	fixed
libass	3.11-main	0.13.4-r0	None	fixed
libass	3.10-main	0.13.4-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

libass

edge-community

0.13.4-r0

None

fixed

libass

3.22-community