Vulnerability Details CVE-2020-26682
In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://www.openwall.com/lists/oss-security/2020/11/19/7
- https://github.com/libass/libass/issues/431
- https://github.com/libass/libass/pull/432
- https://security.gentoo.org/glsa/202012-12
- http://www.openwall.com/lists/oss-security/2020/11/19/7
- https://github.com/libass/libass/issues/431
- https://github.com/libass/libass/pull/432
- https://security.gentoo.org/glsa/202012-12
Products affected by CVE-2020-26682
-
cpe:2.3:a:libass_project:libass:0.14.0