Search CVE reports

Toggle filters

1 – 7 of 7 results

CVE-2024-56732

Medium priority

Some fixes available 2 of 5

HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.

1 affected package

harfbuzz

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
harfbuzz Not affected Not affected Not affected Needs evaluation
Show less packages

CVE-2023-25193

Low priority

Some fixes available 18 of 25

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

13 affected packages

openjdk, openjdk-8, openjdk-9, openjdk-lts, openjdk-13...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openjdk Not in release Not in release Not in release Ignored
openjdk-8 Not affected Not affected Not affected Not affected
openjdk-9 Not in release Not in release Not in release Not in release
openjdk-lts Fixed Fixed Fixed Fixed
openjdk-13 Not in release Not in release Ignored Not in release
openjdk-16 Not in release Not in release Ignored Not in release
openjdk-17 Not affected Fixed Fixed Fixed
openjdk-18 Not in release Ignored Not in release Not in release
openjdk-19 Not in release Ignored Not in release Not in release
openjdk-20 Not in release Not in release Not in release Not in release
openjdk-21 Not affected Fixed Fixed Not in release
openjdk-22 Not in release Not in release Not in release
harfbuzz Not affected Fixed Fixed Needs evaluation
Show all 13 packages Show less packages

CVE-2022-33068

Medium priority

Some fixes available 8 of 30

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

13 affected packages

harfbuzz, icedtea-web, openjdk-12, openjdk-13, openjdk-15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
harfbuzz Fixed Fixed Fixed Not affected
icedtea-web Not affected Not affected Not affected Not affected
openjdk-12 Not in release Not in release Not in release Not in release
openjdk-13 Not in release Not in release Not affected Not in release
openjdk-15 Not in release Not in release Not in release Not in release
openjdk-16 Not in release Not in release Not affected Not in release
openjdk-17 Not affected Not affected Not affected Not affected
openjdk-18 Not in release Not affected Not in release Not in release
openjdk-8 Not affected Not affected Not affected Not affected
openjdk-9 Not in release Not in release Not in release Not in release
openjdk-lts Not affected Not affected Not affected Not affected
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qt6-base Needs evaluation Needs evaluation
Show all 13 packages Show less packages

CVE-2021-45931

Medium priority
Not affected

HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).

1 affected package

harfbuzz

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
harfbuzz Not affected Not affected Not affected
Show less packages

CVE-2016-2052

Medium priority

Some fixes available 13 of 16

Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer...

3 affected packages

chromium-browser, harfbuzz, oxide-qt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
chromium-browser
harfbuzz
oxide-qt
Show less packages

CVE-2015-9274

Low priority
Fixed

HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to...

1 affected package

harfbuzz

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
harfbuzz Not affected Not affected Not affected
Show less packages

CVE-2015-8947

Medium priority

Some fixes available 2 of 3

hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.

1 affected package

harfbuzz

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
harfbuzz
Show less packages