High severity7.6NVD Advisory· Published Jan 25, 2016· Updated Jun 17, 2026
CVE-2016-2052
CVE-2016-2052
Description
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
40cpe:2.3:a:harfbuzz_project:harfbuzz:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:harfbuzz_project:harfbuzz:*:*:*:*:*:*:*:*range: <=1.0.5
- (no CPE)range: <1.0.6
- osv-coords36 versionspkg:rpm/suse/libixion&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/libixion&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/libixion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/libixion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/libixion&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2pkg:rpm/suse/libixion&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3pkg:rpm/suse/libmwaw&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/libmwaw&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/libmwaw&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/libmwaw&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/libmwaw&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2pkg:rpm/suse/libmwaw&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3pkg:rpm/suse/liborcus&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/liborcus&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/liborcus&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/liborcus&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/liborcus&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2pkg:rpm/suse/liborcus&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3pkg:rpm/suse/libreoffice&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/libreoffice&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/libreoffice&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/libreoffice&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/libreoffice&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2pkg:rpm/suse/libreoffice&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3pkg:rpm/suse/libstaroffice&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/libstaroffice&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/libstaroffice&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2pkg:rpm/suse/libstaroffice&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3pkg:rpm/suse/libzmf&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/libzmf&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/libzmf&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2pkg:rpm/suse/libzmf&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3pkg:rpm/suse/myspell-dictionaries&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/myspell-dictionaries&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/myspell-dictionaries&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2pkg:rpm/suse/myspell-dictionaries&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
< 0.12.1-12.1+ 35 more
- (no CPE)range: < 0.12.1-12.1
- (no CPE)range: < 0.12.1-13.2.1
- (no CPE)range: < 0.12.1-12.1
- (no CPE)range: < 0.12.1-13.2.1
- (no CPE)range: < 0.12.1-12.1
- (no CPE)range: < 0.12.1-13.2.1
- (no CPE)range: < 0.3.11-9.1
- (no CPE)range: < 0.3.11-7.5.1
- (no CPE)range: < 0.3.11-9.1
- (no CPE)range: < 0.3.11-7.5.1
- (no CPE)range: < 0.3.11-9.1
- (no CPE)range: < 0.3.11-7.5.1
- (no CPE)range: < 0.12.1-12.1
- (no CPE)range: < 0.12.1-10.5.1
- (no CPE)range: < 0.12.1-12.1
- (no CPE)range: < 0.12.1-10.5.1
- (no CPE)range: < 0.12.1-12.1
- (no CPE)range: < 0.12.1-10.5.1
- (no CPE)range: < 5.3.3.2-40.5.9
- (no CPE)range: < 5.3.5.2-43.5.4
- (no CPE)range: < 5.3.3.2-40.5.9
- (no CPE)range: < 5.3.5.2-43.5.4
- (no CPE)range: < 5.3.3.2-40.5.9
- (no CPE)range: < 5.3.5.2-43.5.4
- (no CPE)range: < 0.0.3-2.1
- (no CPE)range: < 0.0.3-4.1
- (no CPE)range: < 0.0.3-2.1
- (no CPE)range: < 0.0.3-4.1
- (no CPE)range: < 0.0.1-2.1
- (no CPE)range: < 0.0.1-4.1
- (no CPE)range: < 0.0.1-2.1
- (no CPE)range: < 0.0.1-4.1
- (no CPE)range: < 20170511-15.1
- (no CPE)range: < 20170511-16.2.1
- (no CPE)range: < 20170511-15.1
- (no CPE)range: < 20170511-16.2.1
Patches
Vulnerability mechanics
References
12- googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.htmlnvd
- lists.opensuse.org/opensuse-updates/2016-08/msg00070.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-0072.htmlnvd
- www.securityfocus.com/bid/81812nvd
- www.securitytracker.com/id/1034801nvd
- www.ubuntu.com/usn/USN-2877-1nvd
- www.ubuntu.com/usn/USN-3067-1nvd
- code.google.com/p/chromium/issues/detailnvd
- code.google.com/p/chromium/issues/detailnvd
- github.com/behdad/harfbuzz/commit/63ef0b41dc48d6112d1918c1b1de9de8ea90adb5nvd
- github.com/behdad/harfbuzz/issues/139nvd
- security.gentoo.org/glsa/201701-76nvd
News mentions
0No linked articles in our index yet.