Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Harfbuzz Project Subscribe
Filtered by product Harfbuzz
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-25193 2 Fedoraproject, Harfbuzz Project 2 Fedora, Harfbuzz 2023-03-13 N/A 7.5 HIGH
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVE-2022-33068 2 Fedoraproject, Harfbuzz Project 2 Fedora, Harfbuzz 2022-10-28 4.3 MEDIUM 5.5 MEDIUM
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
CVE-2021-45931 2 Fedoraproject, Harfbuzz Project 2 Fedora, Harfbuzz 2022-10-28 4.3 MEDIUM 6.5 MEDIUM
HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).
CVE-2015-9274 1 Harfbuzz Project 1 Harfbuzz 2018-12-18 4.3 MEDIUM 6.5 MEDIUM
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.
CVE-2015-8947 1 Harfbuzz Project 1 Harfbuzz 2018-01-04 7.5 HIGH 7.6 HIGH
hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.
CVE-2016-2052 2 Google, Harfbuzz Project 2 Chrome, Harfbuzz 2017-06-30 6.8 MEDIUM 7.6 HIGH
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.