[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: libass ass_outline.c signed integer overflow
From:       Ian Zimmerman <itz () very ! loosely ! org>
Date:       2020-11-19 5:34:16
Message-ID: 20201119053416.vfvkqvgsmbmp2wnd () moyka
[Download RAW message or body]

On 2020-09-29 08:19, Fstark wrote:

> In `ass_outline_construct`'s call to `outline_stroke` a signed integer
> overflow happens *(undefined behaviour)*. On my machine signed overflow
> happens to wrap around to a negative value, thus failing the assert.
> https://github.com/libass/libass/issues/431
> 
> https://github.com/libass/libass/pull/432

I have followed the links above, and this seems to be an example of a
situation where the CVE process has failed. It is still not fixed in
Debian, possibly for that reason. I'll report a Debian bug today.

-- 
Ian
[prev in list] [next in list] [prev in thread] [next in thread]