PT-2021-11098 · Libass+4 · Libsass+4

Fstark-Prog

Published

2018-01-03

Updated

2022-07-22

CVE-2020-24994

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: libass versions prior to 0.15.0

Description: The issue is related to a stack overflow in the parse tag function in libass/ass parse.c. This allows remote attackers to cause a denial of service or potentially execute remote code via a crafted file.

Recommendations: For versions prior to 0.15.0, update to version 0.15.0 or later to resolve the issue. As a temporary workaround, consider restricting access to files that could be used to exploit this issue until a patch is applied.

Fix

RCE

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

ALT-PU-2020-3253

ALT-PU-2020-3292

ALT-PU-2021-2147

BDU:2025-03974

CVE-2020-24994

OPENSUSE-SU-2021:0773-1

OPENSUSE-SU-2021:1664-1

OPENSUSE-SU-2021_0773-1

OPENSUSE-SU-2021_1664-1

SUSE-SU-2021:1664-1

SUSE-SU-2021_1664-1

USN-4797-1

Affected Products

Alt Linux

Astra Linux

Suse

Ubuntu

Libsass

PT-2021-11098 · Libass+4 · Libsass+4

CVE-2020-24994

Weakness Enumeration

Related Identifiers

Affected Products

References · 30