libass: User-assisted execution of arbitrary code A vulnerability has been found in libass that could allow a remote attacker to execute arbitrary code. libass 2020-12-23 2020-12-23 746413 local, remote 0.15.0 0.15.0

libass is a portable subtitle renderer for the ASS/SSA (Advanced Substation Alpha/Substation Alpha) subtitle format.

It was discovered that libass did not properly handle Advanced Substation Alpha/Substation Alpha subtitle format files.

A remote attacker could entice a user to process an a specially crafted subtitle format file using an application linked against libass, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All libass users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libass-0.15.0" CVE-2020-26682 whissi whissi