CVE-2020-36430

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions libass versions 0.15.x through 0.15.0

Description The issue is related to the decode chars function of the libass subtitle renderer, which is used for ASS/SSA formats. It involves the use of an incorrect integer data type for subtraction, leading to a heap-based buffer overflow. This can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The decode chars function, called from decode font and process text, is specifically affected due to the wrong integer data type used for subtraction.

Recommendations For libass versions 0.15.x through 0.15.0, update to version 0.15.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the decode chars function until a patch is available.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2021-2840

ALT-PU-2022-2492

ALT-PU-2023-1347

BDU:2022-02042

CVE-2020-36430

MGASA-2021-0413

OESA-2021-1303

OPENSUSE-SU-2021:1174-1

OPENSUSE-SU-2021:2792-1

OPENSUSE-SU-2021_1174-1

OPENSUSE-SU-2021_2792-1

SUSE-SU-2021:2792-1

SUSE-SU-2021_2792-1

Affected Products

Alt Linux

Suse

Libsass

CVE-2020-36430

Weakness Enumeration

Related Identifiers

Affected Products

References · 29