High severity8.8OSV Advisory· Published Dec 27, 2024· Updated Apr 15, 2026
CVE-2024-56732
CVE-2024-56732
Description
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.
Affected products
410.0.0, 10.0.1, 10.1.0, …+ 1 more
- (no CPE)range: 10.0.0, 10.0.1, 10.1.0, …
- (no CPE)range: >=8.5.0 <=10.0.1
- osv-coords2 versionspkg:deb/ubuntu/harfbuzz@9.0.0-1ubuntu0.1?arch=source&distro=oracularpkg:rpm/opensuse/harfbuzz&distro=openSUSE%20Tumbleweed
< 9.0.0-1ubuntu0.1+ 1 more
- (no CPE)range: < 9.0.0-1ubuntu0.1
- (no CPE)range: < 10.1.0-2.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.