Unrated severityOSV Advisory· Published Jan 19, 2026· Updated Jan 20, 2026
HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability
CVE-2026-0943
Description
HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.
Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2R0.001, R0.011, R0.012, …+ 1 more
- (no CPE)range: R0.001, R0.011, R0.012, …
- (no CPE)range: <0.032
Patches
Vulnerability mechanics
References
3- bugzilla.redhat.com/show_bug.cgimitreissue-tracking
- metacpan.org/release/JV/HarfBuzz-Shaper-0.032/changesmitrerelease-notes
- www.cve.org/CVERecordmitre
News mentions
0No linked articles in our index yet.