695 matches found
Advisory ROSA-SA-2025-2803
Software: harfbuzz 1.7.5 OS: ROSA Virtualization 3.0 packageevrstring: harfbuzz-1.7.5-4.rv30 CVE-ID: CVE-2023-25193 BDU-ID: 2023-06149 CVE-Crit: HIGH CVE-DESC.: Vulnerability in the hb-ot-layout-gsubgpos.hh component of the Harfbuzz text conversion library is related to unrestricted resource...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: CVE-2024-44192: Fixed unexpected process crash due to processing maliciously crafted web content bsc1239863 CVE-2024-54467: Fixed information disclosure via data cross-origin exfiltration due to a cookie management issue bsc1239864 Other...
The vulnerability of the hb_cairo_glyphs_from_buffer() function in the Harfbuzz text transformation library allows a hacker to execute arbitrary code.
The vulnerability of the hbcairoglyphsfrombuffer function in the Harfbuzz text transformation library is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: CVE-2024-44192: Fixed unexpected process crash due to processing maliciously crafted web content bsc1239863 CVE-2024-54467: Fixed data exilfration cross-origin due to a cookie management issue via a malicious website bsc1239864 Other fixes: ...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-25193 DESCRIPTION: Harfbuzz is vulnerable to a denial of service, caused by a...
Linux Distros Unpatched Vulnerability : CVE-2022-33068
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service DoS via unspecified vectors...
Linux Distros Unpatched Vulnerability : CVE-2023-25193
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base...
Linux Distros Unpatched Vulnerability : CVE-2015-9274
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service invalid read of two bytes and application crash because of GPOS and GSUB table...
Linux Distros Unpatched Vulnerability : CVE-2015-8947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other...
Linux Distros Unpatched Vulnerability : CVE-2016-2052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or...
Amazon Linux 2023 : harfbuzz, harfbuzz-devel, harfbuzz-icu (ALAS2023-2025-848)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-848 advisory. HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hbcairoglyphsfrombuffer function. CVE-2024-56732 Tenable has extracted the preceding...
Medium: harfbuzz
Issue Overview: HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hbcairoglyphsfrombuffer function. CVE-2024-56732 Affected Packages: harfbuzz Issue Correction: Run dnf update harfbuzz --releasever 2023.6.20250218 or dnf update...
Medium: harfbuzz
Issue Overview: HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hbcairoglyphsfrombuffer function. CVE-2024-56732 Affected Packages: harfbuzz Issue Correction: Run dnf update harfbuzz --releasever 2023.6.20250218 to update your...
ROS-20250212-12
A vulnerability in the hbcairoglyphsfrombuffer function of the Harfbuzz text transformation library is related to the bounds errors in the hbcairoglyphsfrombuffer function in hb-cairo.cc. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code on the...
Ubuntu: Security Advisory (USN-7251-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7251-1 harfbuzz vulnerability
It was discovered that HarfBuzz incorrectly handled shaping certain fonts. A remote attacker could possibly use this issue to cause HarfBuzz to consume resources, leading to a denial of service...
USN-7251-1: HarfBuzz vulnerability
It was discovered that HarfBuzz incorrectly handled shaping certain fonts. A remote attacker could possibly use this issue to cause HarfBuzz to consume resources, leading to a denial of service...
Ubuntu 20.04 LTS / 22.04 LTS : HarfBuzz vulnerability (USN-7251-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7251-1 advisory. It was discovered that HarfBuzz incorrectly handled shaping certain fonts. A remote attacker could possibly use this issue to cause HarfBuzz to consum...
HarfBuzz heap-buffer-overflow on hb_cairo_glyphs_from_buffer
...
Ubuntu 24.10 : HarfBuzz vulnerability (USN-7214-1)
The remote Ubuntu 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7214-1 advisory. It was discovered that HarfBuzz incorrecty handled certain memory operations. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial...