0.14.0

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

libass-project

NVD

Published: 2021-03-23

Updated: 2022-07-22

Summary

Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.

Vulnerable Configurations

Part	Description	Count
Application	Libass_Project Libass Project Libass 0.13.3 Libass Project Libass 0.14.0	2

References

https://github.com/libass/libass/issues/422
https://github.com/libass/libass/issues/423
https://github.com/libass/libass/issues/422#issuecomment-806002919
https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e