Astra Linux - уязвимость в harfbuzz

HarfBuzz is a text shaping engine. Prior to version 12.3.0, there was a null pointer dereference vulnerability in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check whether hbmalloc returns NULL before using placement new to construct an...

Advisory ROSA-SA-2026-3272

software: harfbuzz 7.0.1 OS: ROSA-CHROME unaffected versions = harfbuzz-7.0.1-3 affected versions harfbuzz-7.0.1-3 CVE-ID: CVE-2026-22693 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A null pointer dereferencing vulnerability in HarfBuzz is related to a lack of validation of the hbmalloc return value...

BIT-JRE-2023-25193

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...

PT-2026-38795

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...

BIT-JAVA-MIN-2023-25193

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...

BIT-JAVA-2023-25193

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...

CLSA-2026-1778051357 java-21-openjdk: Fix of 8 CVEs

Update to jdk-21.0.11+10 GA - Resolves Oracle April 2026 CPU CVEs: CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-34268, CVE-2026-34282 - CVE-2026-23865: integer overflow in ttvarloaditemvariationstore in bundled FreeType fixed via bump to 2.14.2 - Update...

PT-2026-37981

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...

PT-2026-37774

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...

Astra Linux - уязвимость в harfbuzz

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service DoS via unspecified vectors...

CLSA-2026-1776762459 harfbuzz: Fix of CVE-2023-25193

CVE-2023-25193: optimize looking back for base glyphs in hb-ot-layout-gsubgpos-private.hh...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: harfbuzz: harfbuzz-14.1.0-2.hum1 aarch64, x8664 harfbuzz-cairo-14.1.0-2.hum1 aarch64, x8664 harfbuzz-devel-14.1.0-2.hum1 aarch64, x8664 harfbuzz-gpu-14.1.0-2.hum1 aarch64, x8664...

SUSE: Security Advisory (SUSE-SU-2026:20922-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OPENSUSE-SU-2026:20409-1 Security update for harfbuzz

This update for harfbuzz fixes the following issues: Update to version 11.4.5: Security fixes: - CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create bsc1256459. Other fixes: - Bug fixes for “AAT” shaping, and other shaping micro optimizations. - Fix a shaping...

SUSE-SU-2026:20922-1 Security update for harfbuzz

This update for harfbuzz fixes the following issues: Update to version 11.4.5: Security fixes: - CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create bsc1256459. Other fixes: - Bug fixes for “AAT” shaping, and other shaping micro optimizations. - Fix a shaping...

SUSE-SU-2026:20762-1 Security update for harfbuzz

This update for harfbuzz fixes the following issues: Update to version 11.4.5: Security fixes: - CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create bsc1256459. Other fixes: - Bug fixes for “AAT” shaping, and other shaping micro optimizations. - Fix a shaping...

Medium: thunderbird

Issue Overview: HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement new to construc...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3171 (ALAS-2026-3171)

The version of thunderbird installed on the remote host is prior to 140.7.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3171 advisory. HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the...

Amazon Linux 2023 : firefox (ALAS2023-2026-1435)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1435 advisory. HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. Th...

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-051 (ALASFIREFOX-2026-051)

The version of firefox installed on the remote host is prior to 140.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-051 advisory. HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the...