Known Vulnerabilities for products from Harfbuzz Project
Listed below are 6 of the newest known vulnerabilities associated with the vendor "Harfbuzz Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-25193 json | hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the... | 7.5 - HIGH | 2023-02-04 | 2023-11-07 |
| CVE-2022-33068 json | An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service... | 5.5 - MEDIUM | 2022-06-23 | 2023-11-07 |
| CVE-2021-45931 json | HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t | 6.5 - MEDIUM | 2022-01-01 | 2023-11-07 |
| CVE-2016-2052 json | Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers ... | 7.6 - HIGH | 2016-01-25 | 2023-11-07 |
| CVE-2015-9274 json | HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) ... | 6.5 - MEDIUM | 2018-11-15 | 2018-12-18 |
| CVE-2015-8947 json | hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) o... | 7.6 - HIGH | 2016-07-19 | 2018-01-05 |
Known software with vulnerabilities from Harfbuzz Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Harfbuzz Project | Harfbuzz | 0.6.0 |