Filtered by vendor Harfbuzz Project
Subscriptions
Filtered by product Harfbuzz
Subscriptions
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-25193 | 3 Fedoraproject, Harfbuzz Project, Redhat | 8 Fedora, Harfbuzz, Enterprise Linux and 5 more | 2024-11-21 | 7.5 High |
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. | ||||
CVE-2022-33068 | 3 Fedoraproject, Harfbuzz Project, Redhat | 3 Fedora, Harfbuzz, Enterprise Linux | 2024-11-21 | 5.5 Medium |
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | ||||
CVE-2021-45931 | 2 Fedoraproject, Harfbuzz Project | 2 Fedora, Harfbuzz | 2024-11-21 | 6.5 Medium |
HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy). | ||||
CVE-2016-2052 | 3 Google, Harfbuzz Project, Redhat | 3 Chrome, Harfbuzz, Rhel Extras | 2024-11-21 | N/A |
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947. | ||||
CVE-2015-9274 | 1 Harfbuzz Project | 1 Harfbuzz | 2024-11-21 | N/A |
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh. | ||||
CVE-2015-8947 | 2 Harfbuzz Project, Redhat | 2 Harfbuzz, Rhel Extras | 2024-11-21 | N/A |
hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052. |
Page 1 of 1.