8 matches found
CVE-2023-25193
CVE-2023-25193 affects HarfBuzz up to 6.0.0, where hb-ot-layout-gsubgpos.hh can trigger O(n^2) growth by consecutive marks when looking back for base glyphs during mark attachment. Public references in the provided documents confirm the vulnerability and its association with HarfBuzz, but no expl...
CVE-2015-8947
HarfBuzz vulnerability CVE-2015-8947 affects the text shaping engine, specifically the file hb-ot-layout-gpos-table.hh. Affected product/version: HarfBuzz prior to 1.0.5. Root cause: a buffer over-read in the OpenType layout processing path when handling crafted data. Impact: remote attacker coul...
CVE-2022-33068
CVE-2022-33068: HarfBuzz v4.3.0 contains an integer overflow in the hb-ot-shape-fallback.cc component that can lead to a Denial of Service via unspecified vectors. Documents corroborate the issue across multiple advisories (Linux distros and CNVD), noting a security fix is required, but do not p...
CVE-2015-9274
CVE-2015-9274 affects HarfBuzz up to version 1.0.3. The root cause is mishandling of GPOS/GSUB tables (hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, hb-ot-layout-gsubgpos-private.hh) in the text shaping pipeline, allowing a remote attacker to cause a denial of service via an invalid rea...
CVE-2016-2052
HarfBuzz contains CVE-2016-2052: a buffer over-read due to an inverted length check in hb-ot-font.cc, affecting HarfBuzz up to 1.0.6 and used by Google Chrome prior to 48.0.2564.82. Affected data could cause a denial of service or other impact. The issue is fixed in HarfBuzz 1.0.6 and later; upgr...
CVE-2024-56732
CVE-2024-56732 affects HarfBuzz 8.5.0–10.0.1 with a heap-based buffer overflow in hb_cairo_glyphs_from_buffer. Multiple Nessus/Amazon/Linux advisories corroborate the issue across distributions. No explicit exploit details or fixed version are provided in the connected docs; remediation requires ...
CVE-2021-45931
CVE-2021-45931 affects HarfBuzz 2.9.0, with an out-of-bounds write in hb_bit_set_invertible_t::set called from hb_sparseset_t::set and hb_set_copy. Exploitation details are not provided in the initial description. Public references (ALAS2022/ALAS2023) indicate updates to HarfBuzz (e.g., 2.9.1) an...
CVE-2026-22693
The HarfBuzz text shaping engine contains a null pointer dereference in SubtableUnicodesCache::create (src/hb-ot-cmap-table.hh) that occurs when hb_malloc returns NULL before a placement new, leading to undefined behavior/segfault on low memory. This affects versions prior to 12.3.0 and has been fixe...