SB2016100712 - Fedora EPEL 7 update for libass
Published: October 7, 2016 Updated: April 24, 2025
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2016-7969)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
2) Buffer overflow (CVE-ID: CVE-2016-7970)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.
3) Resource management error (CVE-ID: CVE-2016-7972)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
Remediation
Install the update from the vendor's website.