CVE-2020-26682: Integer Overflow
First published: Fri Oct 16 2020(Updated: )
In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libass Project Libass | =0.14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-26682?
CVE-2020-26682 is a vulnerability found in libass 0.14.0 that causes a signed integer overflow when the ass_outline_construct function calls outline_stroke.
How severe is CVE-2020-26682?
CVE-2020-26682 has a severity rating of 8.8, which is considered high.
Which software version is affected by CVE-2020-26682?
CVE-2020-26682 affects version 0.14.0 of the Libass Project's libass.
How can CVE-2020-26682 be fixed?
To fix CVE-2020-26682, users should update libass to a version that contains the patch for the vulnerability.
Where can I find more information about CVE-2020-26682?
More information about CVE-2020-26682 can be found in the references: [link1], [link2], [link3].
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/tags
- agent/event
- vendor/libass project
- canonical/libass project libass
- version/libass project libass/0.14.0