A vulnerability in libass could result in denial of service.
|Package||media-libs/libass on all architectures|
|Affected versions||< 0.15.1|
|Unaffected versions||>= 0.15.1|
libass is a portable subtitle renderer for the ASS/SSA (Advanced Substation Alpha/Substation Alpha) subtitle format.
A one-byte buffer overwrite in ASS font decoding could trigger an assertion failure resulting in denial of service.
An attacker with control over the ASS track input to libass via an application using it could trigger a denial of service.
There is no known workaround at this time.
All libass users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libass-0.15.1"
August 10, 2022
August 10, 2022: 1