CVE-2020-26682

Name

CVE-2020-26682

Description

In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

Exploits

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
Exploit	https://github.com/libass/libass/issues/431
Third Party Advisory	https://github.com/libass/libass/pull/432
MLIST	http://www.openwall.com/lists/oss-security/2020/11/19/7
GENTOO	https://security.gentoo.org/glsa/202012-12

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:libass_project:libass:0.14.0:::::::*`	libass	== None	== 0.14.0

Source package	Branch	Version	Maintainer	Status
libass	3.11-main	0.14.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libass	3.10-main	0.14.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable