CVE-2020-26682 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Arbitrary code execution
Description	In libass 0.14.0, the ass_outline_construct's call to outline_stroke causes a signed integer overflow.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1285	libass	0.14.0-2	0.15.0-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
19 Nov 2020	ASA-202011-19	AVG-1285	libass	Medium	arbitrary code execution

References
https://github.com/libass/libass/issues/431 https://github.com/libass/libass/pull/432 https://github.com/libass/libass/commit/676f9dc5b52ef406c5527bdadbcb947f11392929