Vulnerabilities > Libass Project > Libass > 0.14.0

DATE CVE VULNERABILITY TITLE RISK
2021-03-23 CVE-2020-24994 Allocation of Resources Without Limits or Throttling vulnerability in Libass Project Libass 0.13.3/0.14.0
Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.
network
low complexity
libass-project CWE-770
8.8
8.8
2020-10-16 CVE-2020-26682 Integer Overflow or Wraparound vulnerability in Libass Project Libass 0.14.0
In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.
network
low complexity
libass-project CWE-190
8.8
8.8