Denial Of Service (DoS)

2023-02-0917:06:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

libharfbuzz.so

denial of service

vulnerability

o(n^2)

resource exhaustion

software

0.002 Low

EPSS

Percentile

56.6%

JSON

libharfbuzz.so is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks, resulting in resource exhaustion.

CPENameOperatorVersion
libharfbuzz.sole0.60000.0
harfbuzzeq1.7.5__2.el7
harfbuzzeq1.7.5__3.el8
harfbuzzeq1.3.2__1.el7
java-17-openjdkeq17.0.0.0.35__5.el8
java-17-openjdkeq17.0.5.0.8__2.el8
java-17-openjdkeq17.0.3.0.7__1.el8
java-17-openjdkeq17.0.0.0.26__0.2.ea.el8
java-17-openjdkeq17.0.0.0.35__3.el8
java-17-openjdkeq17.0.3.0.7__2.el8

Name	Operator	Version
libharfbuzz.so	le	0.60000.0
harfbuzz	eq	1.7.5__2.el7
harfbuzz	eq	1.7.5__3.el8
harfbuzz	eq	1.3.2__1.el7
java-17-openjdk	eq	17.0.0.0.35__5.el8
java-17-openjdk	eq	17.0.5.0.8__2.el8
java-17-openjdk	eq	17.0.3.0.7__1.el8
java-17-openjdk	eq	17.0.0.0.26__0.2.ea.el8
java-17-openjdk	eq	17.0.0.0.35__3.el8
java-17-openjdk	eq	17.0.3.0.7__2.el8