Every CVE whose affected-product data names Libass Project Libass, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2020-24994 — CVSS 8.8 (high): Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service…
CVE-2020-26682 — CVSS 8.8 (high): In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.
CVE-2020-36430 — CVSS 7.8 (high): libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong…
CVE-2016-7969 — CVSS 7.5 (high): The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds…
CVE-2016-7970 — CVSS 7.5 (high): Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of…
CVE-2016-7972 — CVSS 7.5 (high): The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory…