2 matches found
CVE-2015-9274
CVE-2015-9274 affects HarfBuzz up to version 1.0.3. The root cause is mishandling of GPOS/GSUB tables (hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, hb-ot-layout-gsubgpos-private.hh) in the text shaping pipeline, allowing a remote attacker to cause a denial of service via an invalid rea...
CVE-2026-22693
HarfBuzz text shaping engine contains a null pointer dereference in SubtableUnicodesCache::create (src/hb-ot-cmap-table.hh) that occurs when hb_malloc returns NULL before a placement new, leading to undefined behavior/segfault on low memory. This affects versions prior to 12.3.0 and has been fixe...