Search CVE reports


1 – 6 of 6 results


CVE-2023-25193

Low priority

Some fixes available 15 of 24

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

13 affected packages

harfbuzz, openjdk, openjdk-13, openjdk-16, openjdk-17...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
harfbuzz Not affected Vulnerable Vulnerable Needs evaluation Not affected
openjdk Not in release Not in release Not in release Ignored Ignored
openjdk-13 Not in release Not in release Ignored Not in release Not in release
openjdk-16 Not in release Not in release Ignored Not in release Not in release
openjdk-17 Not affected Fixed Fixed Fixed Not in release
openjdk-18 Not in release Ignored Not in release Not in release Not in release
openjdk-19 Not in release Ignored Not in release Not in release Not in release
openjdk-20 Not in release Not in release Not in release Not in release Not in release
openjdk-21 Not affected Fixed Fixed Not in release Not in release
openjdk-22 Not in release Not in release Not in release Not in release
openjdk-8 Not affected Not affected Not affected Not affected Not affected
openjdk-9 Not in release Not in release Not in release Not in release Ignored
openjdk-lts Fixed Fixed Fixed Fixed Not in release

CVE-2022-33068

Medium priority

Some fixes available 7 of 27

An integer overflow in the component hb-ot-shape-fallback.cc of HarfBuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

13 affected packages

harfbuzz, icedtea-web, openjdk-12, openjdk-13, openjdk-15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
harfbuzz Fixed Fixed Fixed Not affected Not affected
icedtea-web Not affected Not affected Not affected Not affected Not affected
openjdk-12 Not in release Not in release Not in release Not in release Not in release
openjdk-13 Not in release Not in release Not affected Not in release Not in release
openjdk-15 Not in release Not in release Not in release Not in release Not in release
openjdk-16 Not in release Not in release Not affected Not in release Not in release
openjdk-17 Not affected Not affected Not affected Not affected Not in release
openjdk-18 Not in release Not affected Not in release Not in release Not in release
openjdk-8 Not affected Not affected Not affected Not affected Not affected
openjdk-9 Not in release Not in release Not in release Not in release Ignored
openjdk-lts Not affected Not affected Not affected Not affected Not in release
qt6-base Needs evaluation Needs evaluation
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2021-45931

Medium priority
Not affected

HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).

1 affected package

harfbuzz

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
harfbuzz Not affected Not affected Not affected Not affected

CVE-2015-9274

Low priority
Fixed

HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to...

1 affected package

harfbuzz

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
harfbuzz Not affected Not affected Not affected Fixed

CVE-2015-8947

Medium priority

Some fixes available 2 of 3

hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.

1 affected package

harfbuzz

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
harfbuzz Fixed

CVE-2016-2052

Medium priority

Some fixes available 13 of 16

Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer...

3 affected packages

chromium-browser, harfbuzz, oxide-qt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Fixed
harfbuzz Fixed
oxide-qt Fixed