Lucene search
K

695 matches found

Rosalinux
Rosalinux
added 2025/04/11 9:49 p.m.12 views

Advisory ROSA-SA-2025-2803

Software: harfbuzz 1.7.5 OS: ROSA Virtualization 3.0 packageevrstring: harfbuzz-1.7.5-4.rv30 CVE-ID: CVE-2023-25193 BDU-ID: 2023-06149 CVE-Crit: HIGH CVE-DESC.: Vulnerability in the hb-ot-layout-gsubgpos.hh component of the Harfbuzz text conversion library is related to unrestricted resource...

7.5CVSS7.4AI score0.01812EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2025/04/07 7:12 a.m.1 views

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: CVE-2024-44192: Fixed unexpected process crash due to processing maliciously crafted web content bsc1239863 CVE-2024-54467: Fixed information disclosure via data cross-origin exfiltration due to a cookie management issue bsc1239864 Other...

7.1CVSS8AI score0.0424EPSS
Exploits4References12
BDU FSTEC
BDU FSTEC
added 2025/03/27 12:0 a.m.10 views

The vulnerability of the hb_cairo_glyphs_from_buffer() function in the Harfbuzz text transformation library allows a hacker to execute arbitrary code.

The vulnerability of the hbcairoglyphsfrombuffer function in the Harfbuzz text transformation library is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10CVSS6.3AI score0.00643EPSS
Exploits1References5Affected Software2
SUSE Linux
SUSE Linux
added 2025/03/26 3:44 p.m.4 views

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: CVE-2024-44192: Fixed unexpected process crash due to processing maliciously crafted web content bsc1239863 CVE-2024-54467: Fixed data exilfration cross-origin due to a cookie management issue via a malicious website bsc1239864 Other fixes: ...

7.1CVSS8.1AI score0.0424EPSS
Exploits4References12
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/11 7:26 p.m.98 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-25193 DESCRIPTION: Harfbuzz is vulnerable to a denial of service, caused by a...

8.1CVSS9.8AI score0.99019EPSS
Exploits15Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-33068

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service DoS via unspecified vectors...

5.5CVSS6.1AI score0.01142EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-25193

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base...

7.5CVSS6.2AI score0.01812EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2015-9274

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service invalid read of two bytes and application crash because of GPOS and GSUB table...

6.5CVSS6.8AI score0.01542EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2015-8947

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other...

7.6CVSS7.7AI score0.02451EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2016-2052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or...

7.6CVSS7.8AI score0.00959EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/02/26 12:0 a.m.17 views

Amazon Linux 2023 : harfbuzz, harfbuzz-devel, harfbuzz-icu (ALAS2023-2025-848)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-848 advisory. HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hbcairoglyphsfrombuffer function. CVE-2024-56732 Tenable has extracted the preceding...

9.3CVSS5.5AI score0.00643EPSS
Exploits1References4
Amazon
Amazon
added 2025/02/21 12:0 a.m.7 views

Medium: harfbuzz

Issue Overview: HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hbcairoglyphsfrombuffer function. CVE-2024-56732 Affected Packages: harfbuzz Issue Correction: Run dnf update harfbuzz --releasever 2023.6.20250218 or dnf update...

9.3CVSS7.3AI score0.00643EPSS
Exploits1
Amazon
Amazon
added 2025/02/21 12:0 a.m.6 views

Medium: harfbuzz

Issue Overview: HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hbcairoglyphsfrombuffer function. CVE-2024-56732 Affected Packages: harfbuzz Issue Correction: Run dnf update harfbuzz --releasever 2023.6.20250218 to update your...

9.3CVSS7.3AI score0.00643EPSS
Exploits1
Redos
Redos
added 2025/02/13 12:0 a.m.89 views

ROS-20250212-12

A vulnerability in the hbcairoglyphsfrombuffer function of the Harfbuzz text transformation library is related to the bounds errors in the hbcairoglyphsfrombuffer function in hb-cairo.cc. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code on the...

9.3CVSS7.6AI score0.00643EPSS
Exploits1
OpenVAS
OpenVAS
added 2025/02/04 12:0 a.m.4 views

Ubuntu: Security Advisory (USN-7251-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.4AI score0.01812EPSS
Exploits0References2
OSV
OSV
added 2025/02/03 1:11 p.m.2 views

USN-7251-1 harfbuzz vulnerability

It was discovered that HarfBuzz incorrectly handled shaping certain fonts. A remote attacker could possibly use this issue to cause HarfBuzz to consume resources, leading to a denial of service...

7.5CVSS6.7AI score0.01812EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2025/02/03 1:11 p.m.150 views

USN-7251-1: HarfBuzz vulnerability

It was discovered that HarfBuzz incorrectly handled shaping certain fonts. A remote attacker could possibly use this issue to cause HarfBuzz to consume resources, leading to a denial of service...

7.5CVSS6.5AI score0.01812EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/02/03 12:0 a.m.7 views

Ubuntu 20.04 LTS / 22.04 LTS : HarfBuzz vulnerability (USN-7251-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7251-1 advisory. It was discovered that HarfBuzz incorrectly handled shaping certain fonts. A remote attacker could possibly use this issue to cause HarfBuzz to consum...

7.5CVSS6.4AI score0.01812EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2025/01/17 8:0 a.m.3 views

HarfBuzz heap-buffer-overflow on hb_cairo_glyphs_from_buffer

...

9.3CVSS5.3AI score0.00643EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/01/17 12:0 a.m.7 views

Ubuntu 24.10 : HarfBuzz vulnerability (USN-7214-1)

The remote Ubuntu 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7214-1 advisory. It was discovered that HarfBuzz incorrecty handled certain memory operations. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial...

9.3CVSS5.8AI score0.00643EPSS
Exploits1References2
Rows per page
Query Builder