CVE-2016-7969 in Ubuntu

CVE-2016-7969

Priority

Description

The wrap_lines_smart function in ass_render.c in libass before 0.13.4
allows remote attackers to cause a denial of service (out-of-bounds read)
via unspecified vectors, related to "0/3 line wrapping equalization."

Ubuntu-Description

It was discovered that LibASS incorrectly handled certain ASS files. A remote
attacker could possibly use this issue to cause a denial of service.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7969
http://www.openwall.com/lists/oss-security/2016/10/05/2

Bugs

https://github.com/libass/libass/pull/240

Notes

Package

Source: libass (LP Ubuntu Debian)

Upstream:	released (0.13.4)
Ubuntu 18.04 LTS:	not-affected (1:0.13.4-2)
Ubuntu 20.04 LTS:	not-affected (1:0.13.4-2)
Ubuntu 21.10:	not-affected (1:0.13.4-2)
Ubuntu 22.04 LTS:	not-affected (1:0.13.4-2)
Ubuntu 14.04 ESM:	needed

Patches:

Upstream:

https://github.com/libass/libass/pull/240/commits/b72b283b936a600c730e00875d7d067bded3fc26

More Information

Updated: 2022-04-28 16:14:27 UTC (commit 52442b9748ff96db94209f46abe7be235ac20ed5)