CVE-2020-36430 - Libass Project Libass
Critical 7.8
libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.
Affected software
Libass Project Libass