13 matches found
CLSA-2026-1776762459 harfbuzz: Fix of CVE-2023-25193
CVE-2023-25193: optimize looking back for base glyphs in hb-ot-layout-gsubgpos-private.hh...
EUVD-2023-29157
Malicious code in bioql PyPI...
CLSA-2024-1723795896 harfbuzz: Fix of CVE-2023-25193
CVE-2023-25193: optimize looking back for base glyphs in hb-ot-layout-gsubgpos-private.hh...
ROS-20240329-19
A vulnerability in the hb-ot-layout-gsubgpos.hh component of the Harfbuzz text conversion library is related to the unrestricted resource allocation, Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Huawei EulerOS: Security Advisory for harfbuzz (EulerOS-SA-2023-3432)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OSV-2023-380 UNKNOWN WRITE in bool OT::Layout::Common::Coverage::serialize<hb_map_iter_t<hb_map_iter_t<hb_filt
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58663 Crash type: UNKNOWN WRITE Crash state: bool OT::Layout::Common::Coverage::serialize::subset hbsubsetcontextt::returnt OT::Layout::GSUBimpl::SubstLookupSubTable::dispat...
OSV-2023-377 UNKNOWN WRITE in bool OT::Layout::Common::CoverageFormat2_4<OT::Layout::MediumTypes>::serialize<h
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58671 Crash type: UNKNOWN WRITE Crash state: bool OT::Layout::Common::CoverageFormat24::serialize::subset...
OSV-2023-376 UNKNOWN WRITE in OT::Layout::GPOS_impl::CursivePosFormat1::subset
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58660 Crash type: UNKNOWN WRITE Crash state: OT::Layout::GPOSimpl::CursivePosFormat1::subset hbsubsetcontextt::returnt OT::Layout::GPOSimpl::PosLookupSubTable::dispatch bool...
PT-2023-35811 · Git +1 · Harfbuzz
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN WRITE. The crash state involves several function calls, including hb ot layout substitute start, hb ot...
Fedora 38 : cairo / freetype / harfbuzz / qt6-qtwebengine (2023-a48406ecd2)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-a48406ecd2 advisory. Security fix for CVE-2023-25193 Update of HarfBuzz to 7.0.1 version 2169172 Update of freetype to 2.13.0 version 2168496 ---- Security fix for...
OSV-2023-137 Heap-buffer-overflow in OT::Layout::Common::Coverage::get_population
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56510 Crash type: Heap-buffer-overflow READ 1 Crash state: OT::Layout::Common::Coverage::getpopulation OT::Layout::GPOSimpl::SinglePosFormat1::sanitize hbsanitizecontextt::returnt OT::Layout::GPOSimpl::PosLookupSubTable::dispa...
OSV-2023-27 Heap-buffer-overflow in OT::Layout::GPOS_impl::PairSet<OT::Layout::MediumTypes>::apply
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55287 Crash type: Heap-buffer-overflow READ 1 Crash state: OT::Layout::GPOSimpl::PairSet::apply OT::Layout::GPOSimpl::PairPosFormat13::apply bool OT::hbacceleratesubtablescontextt::applytoOT::Layout::GPOSimpl::Pair...
HarfBuzz Denial of Service Vulnerability
HarfBuzz is a text engine for OpenType fonts. A security vulnerability exists in the hb-ot-layout-gpos-table.hh file in HarfBuzz 1.0.4 and earlier versions. A remote attacker can exploit this vulnerability to cause a denial of service with specially crafted data...