VYPR
Unrated severityOSV Advisory· Published Jan 19, 2026· Updated Jan 20, 2026

HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability

CVE-2026-0943

Description

HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.

Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • R0.001, R0.011, R0.012, …+ 1 more
    • (no CPE)range: R0.001, R0.011, R0.012, …
    • (no CPE)range: <0.032

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.