CVE-2023-25193

2023-02-0400:00:00

ubuntu.com

0.002 Low

EPSS

Percentile

56.3%

JSON

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to
trigger O(n^2) growth via consecutive marks during the process of looking
back for base glyphs when attaching marks.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030612>

Notes

Author	Note
rodrigo-zaiden	commit 85be877925ddbf34f74a1229f3ca1716bb6170dc that was claimed to fix the issue, got reverted in commit 661050b4659ee490dfe622821bc7fde7d1c40510, there are comments on the first discussing possible regressions. Instead, the commits listed in the patches section seems to properly fix the issue. for commit 30b84faba, _infos_set_glyph_flags() can be found as _unsafe_to_break_set_mask() for versios prior to 3.3.0, down to version 1.5.0, where the later was added. GPOS lookups (src/OT/Layout/GPOS) moved to the current code baseline in version 4.4.1, before it, some of the methods can be found in src/hb-ot-layout-gsubgpos.hh. releases prior to bionic does not have any of the code being fixed. bionic itself could be patched with some of the commits, but not all. a careful check seems necessary to evaluate if really possible to fix it.

Author

Note

rodrigo-zaiden

commit 85be877925ddbf34f74a1229f3ca1716bb6170dc that was claimed to fix the issue, got reverted in commit 661050b4659ee490dfe622821bc7fde7d1c40510, there are comments on the first discussing possible regressions. Instead, the commits listed in the patches section seems to properly fix the issue. for commit 30b84faba, _infos_set_glyph_flags() can be found as _unsafe_to_break_set_mask() for versios prior to 3.3.0, down to version 1.5.0, where the later was added. GPOS lookups (src/OT/Layout/GPOS) moved to the current code baseline in version 4.4.1, before it, some of the methods can be found in src/hb-ot-layout-gsubgpos.hh. releases prior to bionic does not have any of the code being fixed. bionic itself could be patched with some of the commits, but not all. a careful check seems necessary to evaluate if really possible to fix it.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchharfbuzz< anyUNKNOWN
ubuntu20.04noarchharfbuzz< anyUNKNOWN
ubuntu22.04noarchharfbuzz< anyUNKNOWN
ubuntu23.10noarchharfbuzz< anyUNKNOWN
ubuntu24.04noarchharfbuzz< anyUNKNOWN
ubuntu18.04noarchopenjdk-17< 17.0.8+7-1~18.04UNKNOWN
ubuntu20.04noarchopenjdk-17< 17.0.8+7-1~20.04.2UNKNOWN
ubuntu22.04noarchopenjdk-17< 17.0.8+7-1~22.04UNKNOWN
ubuntu23.04noarchopenjdk-17< 17.0.8+7-1~23.04UNKNOWN
ubuntu23.04noarchopenjdk-20< 20.0.2+9+ds1-0ubuntu1~23.04UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	harfbuzz	< any	UNKNOWN
ubuntu	20.04	noarch	harfbuzz	< any	UNKNOWN
ubuntu	22.04	noarch	harfbuzz	< any	UNKNOWN
ubuntu	23.10	noarch	harfbuzz	< any	UNKNOWN
ubuntu	24.04	noarch	harfbuzz	< any	UNKNOWN
ubuntu	18.04	noarch	openjdk-17	< 17.0.8+7-1~18.04	UNKNOWN
ubuntu	20.04	noarch	openjdk-17	< 17.0.8+7-1~20.04.2	UNKNOWN
ubuntu	22.04	noarch	openjdk-17	< 17.0.8+7-1~22.04	UNKNOWN
ubuntu	23.04	noarch	openjdk-17	< 17.0.8+7-1~23.04	UNKNOWN
ubuntu	23.04	noarch	openjdk-20	< 20.0.2+9+ds1-0ubuntu1~23.04	UNKNOWN