rpm package
opensuse/harfbuzz&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/harfbuzz&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-22693 | — | | | < 12.3.0-2.1 | 12.3.0-2.1 | Jan 10, 2026 | HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to constr |
| CVE-2024-56732 | High | 8.8 | | < 10.1.0-2.1 | 10.1.0-2.1 | Dec 27, 2024 | HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function. |
| CVE-2023-25193 | — | | | < 6.0.0-2.1 | 6.0.0-2.1 | Feb 4, 2023 | hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. |
| CVE-2022-33068 | — | | | < 4.4.1-1.1 | 4.4.1-1.1 | Jun 22, 2022 | An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. |