libass: Denial of service — GLSA 202208-13

A vulnerability in libass could result in denial of service.

Affected packages

Package: media-libs/libass on all architectures
Affected versions: < 0.15.1
Unaffected versions: >= 0.15.1

Background

libass is a portable subtitle renderer for the ASS/SSA (Advanced SubStation Alpha/SubStation Alpha) subtitle format.

Description

A one-byte buffer overwrite in ASS font decoding could trigger an assertion failure resulting in denial of service.

Impact

An attacker who controls the ASS track that an application passes to libass could trigger a denial of service.

Workaround

There is no known workaround at this time.

Resolution

All libass users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/libass-0.15.1"
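
A triage check for the version range listed above, as an added example that is not part of the GLSA: it compares a libass version numerically against 0.15.1, so that 0.9 is not mistaken for newer than 0.15. The function names are hypothetical, and reading the installed version with `pkg-config --modversion libass` assumes pkg-config and the libass .pc file are present on the host.

```sh
#!/bin/sh
# Added example, not part of the advisory. Function names are hypothetical.
FIXED_VERSION="0.15.1"   # first unaffected version, taken from the advisory

# version_lt A B: succeed when dotted version A sorts strictly before B.
# Components are compared as integers; missing components count as 0.
version_lt() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        ca=${va%%.*}; cb=${vb%%.*}
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        ca=${ca:-0}; cb=${cb:-0}
        if [ "$ca" -lt "$cb" ]; then return 0; fi
        if [ "$ca" -gt "$cb" ]; then return 1; fi
    done
    return 1   # equal versions are not "less than"
}

# libass_status VERSION: print affected, unaffected or unknown.
libass_status() {
    v=${1%-r[0-9]*}      # drop a Gentoo revision suffix such as -r1
    case $v in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # not a plain dotted version
    esac
    if version_lt "$v" "$FIXED_VERSION"; then
        echo affected
    else
        echo unaffected
    fi
}

# installed_libass_version: print the version pkg-config reports, or fail.
installed_libass_version() {
    command -v pkg-config >/dev/null 2>&1 || return 1
    pkg-config --modversion libass 2>/dev/null
}

# Report on this host when libass is visible to pkg-config.
installed=$(installed_libass_version) \
    && echo "libass $installed: $(libass_status "$installed")" \
    || echo "libass not found via pkg-config"
```

A result of `unknown` means the version string was not a plain dotted number (a VCS snapshot, for example) and needs a manual check.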
 

References

Release date
August 10, 2022

Latest revision
August 10, 2022: 1

Severity
low

Exploitable
remote

Bugzilla entries