Lucene search
K
Harfbuzz ProjectHarfbuzz

8 matches found

CVE
CVE
added 2023/02/04 12:0 a.m.565 views

CVE-2023-25193

CVE-2023-25193 affects HarfBuzz up to 6.0.0, where hb-ot-layout-gsubgpos.hh can trigger O(n^2) growth by consecutive marks when looking back for base glyphs during mark attachment. Public references in the provided documents confirm the vulnerability and its association with HarfBuzz, but no expl...

7.5CVSS7.6AI score0.01812EPSS
CVE
CVE
added 2016/07/19 10:0 a.m.219 views

CVE-2015-8947

HarfBuzz vulnerability CVE-2015-8947 affects the text shaping engine, specifically the file hb-ot-layout-gpos-table.hh. Affected product/version: HarfBuzz prior to 1.0.5. Root cause: a buffer over-read in the OpenType layout processing path when handling crafted data. Impact: remote attacker coul...

7.6CVSS7.9AI score0.02451EPSS
CVE
CVE
added 2022/06/22 1:24 p.m.171 views

CVE-2022-33068

CVE-2022-33068 : HarfBuzz v4.3.0 contains an integer overflow in the hb-ot-shape-fallback.cc component that can lead to a Denial of Service via unspecified vectors. Documents corroborate the issue across multiple advisories (Linux distros and CNVD), noting a security fix is required, but do not p...

5.5CVSS5.4AI score0.01134EPSS
CVE
CVE
added 2018/11/15 5:0 a.m.119 views

CVE-2015-9274

CVE-2015-9274 affects HarfBuzz up to version 1.0.3. The root cause is mishandling of GPOS/GSUB tables (hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, hb-ot-layout-gsubgpos-private.hh) in the text shaping pipeline, allowing a remote attacker to cause a denial of service via an invalid rea...

6.5CVSS6.2AI score0.01542EPSS
CVE
CVE
added 2016/01/25 11:0 a.m.111 views

CVE-2016-2052

HarfBuzz contains CVE-2016-2052: a buffer over-read due to an inverted length check in hb-ot-font.cc, affecting HarfBuzz up to 1.0.6 and used by Google Chrome prior to 48.0.2564.82. Affected data could cause a denial of service or other impact. The issue is fixed in HarfBuzz 1.0.6 and later; upgr...

7.6CVSS7.9AI score0.00959EPSS
CVE
CVE
added 2024/12/27 8:1 p.m.96 views

CVE-2024-56732

CVE-2024-56732 affects HarfBuzz 8.5.0–10.0.1 with a heap-based buffer overflow in hb_cairo_glyphs_from_buffer. Multiple Nessus/Amazon/Linux advisories corroborate the issue across distributions. No explicit exploit details or fixed version are provided in the connected docs; remediation requires ...

9.3CVSS7.1AI score0.00643EPSS
CVE
CVE
added 2021/12/31 11:58 p.m.94 views

CVE-2021-45931

CVE-2021-45931 affects HarfBuzz 2.9.0, with an out-of-bounds write in hb_bit_set_invertible_t::set called from hb_sparseset_t::set and hb_set_copy. Exploitation details are not provided in the initial description. Public references (ALAS2022/ALAS2023) indicate updates to HarfBuzz (e.g., 2.9.1) an...

6.5CVSS6.3AI score0.0178EPSS
CVE
CVE
added 2026/01/10 5:53 a.m.51 views

CVE-2026-22693

HarfBuzz text shaping engine contains a null pointer dereference in SubtableUnicodesCache::create (src/hb-ot-cmap-table.hh) that occurs when hb_malloc returns NULL before a placement new, leading to undefined behavior/segfault on low memory. This affects versions prior to 12.3.0 and has been fixe...

5.3CVSS6.7AI score0.00377EPSS