Unrated severity · NVD Advisory · Published Jun 22, 2022 · Updated Aug 3, 2024
CVE-2022-33068
Description
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Affected products (20)
- Harfbuzz/Harfbuzz (description)
- osv-coords (19 versions):
  - pkg:rpm/almalinux/harfbuzz (no CPE), range: < 2.7.4-8.el9
  - pkg:rpm/almalinux/harfbuzz-devel (no CPE), range: < 2.7.4-8.el9
  - pkg:rpm/almalinux/harfbuzz-icu (no CPE), range: < 2.7.4-8.el9
  - pkg:rpm/opensuse/harfbuzz&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 2.6.4-150200.3.3.1
  - pkg:rpm/opensuse/harfbuzz&distro=openSUSE%20Leap%2015.4 (no CPE), range: < 3.4.0-150400.3.3.1
  - pkg:rpm/opensuse/harfbuzz&distro=openSUSE%20Leap%20Micro%205.2 (no CPE), range: < 2.6.4-150200.3.3.1
  - pkg:rpm/opensuse/harfbuzz&distro=openSUSE%20Tumbleweed (no CPE), range: < 4.4.1-1.1
  - pkg:rpm/suse/harfbuzz&distro=SUSE%20Enterprise%20Storage%207 (no CPE), range: < 2.6.4-150200.3.3.1
  - pkg:rpm/suse/harfbuzz&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS (no CPE), range: < 2.6.4-150200.3.3.1
  - pkg:rpm/suse/harfbuzz&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE), range: < 2.6.4-150200.3.3.1
  - pkg:rpm/suse/harfbuzz&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE), range: < 2.6.4-150200.3.3.1
  - pkg:rpm/suse/harfbuzz&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 (no CPE), range: < 2.6.4-150200.3.3.1
  - pkg:rpm/suse/harfbuzz&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 (no CPE), range: < 3.4.0-150400.3.3.1
  - pkg:rpm/suse/harfbuzz&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL (no CPE), range: < 2.6.4-150200.3.3.1
  - pkg:rpm/suse/harfbuzz&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS (no CPE), range: < 2.6.4-150200.3.3.1
  - pkg:rpm/suse/harfbuzz&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 (no CPE), range: < 2.6.4-150200.3.3.1
  - pkg:rpm/suse/harfbuzz&distro=SUSE%20Manager%20Proxy%204.1 (no CPE), range: < 2.6.4-150200.3.3.1
  - pkg:rpm/suse/harfbuzz&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1 (no CPE), range: < 2.6.4-150200.3.3.1
  - pkg:rpm/suse/harfbuzz&distro=SUSE%20Manager%20Server%204.1 (no CPE), range: < 2.6.4-150200.3.3.1
Patches (0)
No patches discovered yet.
References (6)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FQBJ24W6TXLSAQWCFW7IBGUMX4AJI3S4/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQMEXOVDL3T2UXKBCON7JSOCE646G7HG/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56WTC5IY4EIUHVUIHMCXA3BSBZLSZCI/ (mitre, vendor-advisory, x_refsource_FEDORA)
- security.gentoo.org/glsa/202209-11 (mitre, vendor-advisory, x_refsource_GENTOO)
- github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593 (mitre, x_refsource_MISC)
- github.com/harfbuzz/harfbuzz/issues/3557 (mitre, x_refsource_MISC)