The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of libass: three vulnerabilities

Summary of the vulnerability

An attacker can exploit several vulnerabilities in libass.
Impacted software: Debian, Fedora, openSUSE, openSUSE Leap.
Severity of this computer vulnerability: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 20/10/2016.
References for this bulletin: CVE-2016-7969, CVE-2016-7970, CVE-2016-7972, DLA-668-1, FEDORA-2016-282507c3e9, FEDORA-2016-95407a836f, openSUSE-SU-2016:3087-1, VIGILANCE-VUL-20920.

Description of the vulnerability 

Several vulnerabilities were announced in libass.

An attacker can force a read at an invalid address via Mode 0/3 Line Wrapping, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-7969]

An attacker can force a read at an invalid address via Gaussian Blur Coefficient, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-7970]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7972]

This cybersecurity vulnerability impacts software or systems such as Debian, Fedora, openSUSE, openSUSE Leap.

Our Vigil@nce team determined that the severity of this vulnerability is medium.

The trust level is "confirmed by the editor", and the origin is "document".

This bulletin is about 3 vulnerabilities.

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

Debian 7: new libass packages.
New packages are available:
  Debian 7: libass 0.10.0-3+deb7u1

Fedora: new libass packages.
New packages are available:
  Fedora 23: libass 0.13.4-1.fc23
  Fedora 24: libass 0.13.4-1.fc24

openSUSE: new libass packages.
New packages are available:
  openSUSE Leap 42.1: libass5 0.12.3-6.1
  openSUSE 13.2: libass5 0.12.1-2.8.1