Harfbuzz Project » Harfbuzz : Security Vulnerabilities, CVEs,
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
Max CVSS
7.5
EPSS Score
0.17%
Published
2023-02-04
Updated
2023-07-25
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Max CVSS
5.5
EPSS Score
0.12%
Published
2022-06-23
Updated
2022-10-28
HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).
Max CVSS
6.5
EPSS Score
0.63%
Published
2022-01-01
Updated
2022-10-28
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.
Max CVSS
7.6
EPSS Score
0.84%
Published
2016-01-25
Updated
2017-07-01
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.
Max CVSS
6.5
EPSS Score
0.14%
Published
2018-11-15
Updated
2018-12-18
hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.
Max CVSS
7.6
EPSS Score
3.87%
Published
2016-07-19
Updated
2018-01-05
6 vulnerabilities found