OSV-2026-121 Use-of-uninitialized-value in trySubset

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=477657796 Crash type: Use-of-uninitialized-value Crash state: trySubset hb-subset-fuzzer.cc...

harfbuzz:hb-subset-fuzzer: Use-of-uninitialized-value in bool OT::OffsetTo<OT::VariationStore, OT::IntType<unsigned int, 4u>, true>::seri

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5137462782066688 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzermsanharfbuzz Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address:...

harfbuzz:hb-subset-fuzzer: Crash in OT::VariationSelectorRecord::operator=

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=6316256152780800 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x61610000067d...

harfbuzz:hb-subset-fuzzer: Crash in CFF::parsed_cs_op_t::set_skip

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5668566628827136 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x0000000ffd3...

harfbuzz:hb-subset-fuzzer: Crash in hb_vector_t<CFF::op_str_t>::resize

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5448978976735232 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x000000094e0...

harfbuzz:hb-subset-fuzzer: Crash in hb_vector_t<CFF::dict_val_t>::resize

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5641892164009984 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzermsanharfbuzz Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x0000000e680...

harfbuzz:hb-subset-fuzzer: Heap-buffer-overflow in BEInt<unsigned short, 2>::operator=

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5704307501694976 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzerasani386harfbuzz Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 1 Crash...

harfbuzz:hb-subset-fuzzer: Global-buffer-overflow in hb_array_t<OT::IntType<unsigned char, 1u> const> hb_array_t<OT::IntType<unsigned

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5747280156295168 Project: harfbuzz Fuzzing Engine: afl Fuzz Target: hb-subset-fuzzer Job Type: aflasanharfbuzz Platform Id: linux Crash Type: Global-buffer-overflow READ 1 Crash Address:...

harfbuzz:hb-subset-fuzzer: Crash in OT::SBIXGlyph::copy

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5741295280848896 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzerasani386harfbuzz Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x607d5f2c...

harfbuzz:hb-subset-fuzzer: Heap-buffer-overflow in OT::HintingDevice* hb_serialize_context_t::embed<OT::HintingDevice>

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5206191479455744 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzerasani386harfbuzz Platform Id: linux Crash Type: Heap-buffer-overflow READ Crash Addres...

harfbuzz:hb-subset-fuzzer: Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5715299773186048 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type: Heap-buffer-overflow READ 2 Crash Address:...

harfbuzz:hb-subset-fuzzer: Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5642531954229248 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzerasani386harfbuzz Platform Id: linux Crash Type: Heap-buffer-overflow READ 2 Crash...

harfbuzz:hb-subset-fuzzer: Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5167653459329024 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzerasani386harfbuzz Platform Id: linux Crash Type: Heap-buffer-overflow READ 2 Crash...

harfbuzz:hb-subset-fuzzer: Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5758358618898432 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzerasani386harfbuzz Platform Id: linux Crash Type: Heap-buffer-overflow READ 2 Crash...

harfbuzz:hb-subset-fuzzer: Heap-buffer-overflow in hb_array_t<OT::IntType<unsigned short, 2u> const> hb_array_t<OT::IntType<unsigne

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5677906231033856 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzerasani386harfbuzz Platform Id: linux Crash Type: Heap-buffer-overflow READ 2 Crash...

harfbuzz/hb-subset-fuzzer: Use-of-uninitialized-value in OT::AxisValue::sanitize

Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5696825891225600 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-subset-fuzzer Fuzz target binary: hb-subset-fuzzer Job Type: libfuzzermsanharfbuzz Platform Id: linux Crash Type:...

harfbuzz/hb-subset-fuzzer: Stack-use-after-return in bool OT::Coverage::serialize<hb_map_iter_t<hb_map_iter_t<hb_filter_iter_t<OT::Co

Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5634197349203968 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-subset-fuzzer Fuzz target binary: hb-subset-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type:...

harfbuzz/hb-subset-fuzzer: Use-of-uninitialized-value in hb_hashmap_t<hb_serialize_context_t::object_t const*, unsigned int,

Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5676773460672512 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-subset-fuzzer Fuzz target binary: hb-subset-fuzzer Job Type: libfuzzermsanharfbuzz Platform Id: linux Crash Type:...

harfbuzz/hb-subset-fuzzer: Heap-buffer-overflow in OT::UnsizedArrayOf<OT::IntType<unsigned char, 1u> >::copy

Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5733203291144192 Project: harfbuzz Fuzzer: aflharfbuzzhb-subset-fuzzer Fuzz target binary: hb-subset-fuzzer Job Type: aflasanharfbuzz Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Cra...

harfbuzz/hb-subset-fuzzer: Heap-buffer-overflow in BEInt<unsigned char, 1>::set

Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5760768497156096 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-subset-fuzzer Fuzz target binary: hb-subset-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type: Heap-buffer-overflo...