| Summary: | libass new integer overflow security issue (CVE-2020-26682) | | |
|---|---|---|---|
| Product: | [ROSA-based products] ROSA Fresh | Reporter: | Zombie Ryushu <zombie.ryushu> |
| Component: | Packages from Main | Assignee: | ROSA Linux Bugs <bugs> |
| Status: | CONFIRMED --- | QA Contact: | ROSA Linux Bugs <bugs> |
| Severity: | normal | | |
| Priority: | Normal | CC: | alzim, andrey.bondrov, denis.silakov, mc2374 |
| Version: | All | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Platform: | 2016.1 | ROSA Vulnerability identifier: | CVE-2020-26682 |
| RPM Package: | libass-0.13.4-3.src.rpm | ISO-related: | |
| Bad POT generating: | | Upstream: | |

Description
Zombie Ryushu
2020-12-08 01:09:23 MSK
In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. (CVE-2020-26682) 2019.1 is patched.