Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Mageia 7: MGASA-2021-0017 Moderate: Signed Integer Overflow Fix in Libass

mageia
Calendar Grey January 10, 2021
Dist Mageia Esm H88
Recent updates to the libass packages address a critical signed integer overflow vulnerability in Mageia 7. For further details, consult the security advisory here.
In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow

Summary

In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. (CVE-2020-26682)

References

- https://bugs.mageia.org/show_bug.cgi?id=27385

- https://www.openwall.com/lists/oss-security/2020/09/29/2

- https://www.openwall.com/lists/oss-security/2020/11/19/7

- https://www.cve.org/CVERecord?id=CVE-2020-26682

Topics%20covered

Topics Covered

security advisory moderate security issue update software update moderate severity libass Mageia signed integer overflow signed overflow

Resolution

SRPMS

- 7/core/libass-0.15.0-1.mga7

Publication date: 10 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0017.html
Type: security
CVE: CVE-2020-26682

Topics%20covered

Topics Covered

security advisory moderate security issue update software update moderate severity libass Mageia signed integer overflow signed overflow

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here