CVE-2016-7972 | Vulnerability Database | Aqua Security

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Leap	Opensuse	42.1 (including)	42.1 (including)
Opensuse	Opensuse	13.2 (including)	13.2 (including)
Libass	Ubuntu	esm-apps/xenial	*
Libass	Ubuntu	precise	*
Libass	Ubuntu	trusty	*
Libass	Ubuntu	trusty/esm	*
Libass	Ubuntu	upstream	*
Libass	Ubuntu	xenial	*
Libass	Ubuntu	yakkety	*

References

http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html
http://www.openwall.com/lists/oss-security/2016/10/05/2
http://www.securityfocus.com/bid/93358
https://bugzilla.redhat.com/show_bug.cgi?id=1381960
https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b
https://github.com/libass/libass/releases/tag/0.13.4
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/
https://security.gentoo.org/glsa/201702-25

NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-7972
CWE	https://cwe.mitre.org/data/definitions/399.html