Harfbuzz Harfbuzzproject Harfbuzz

Do you want an email whenever new security vulnerabilities are reported in Harfbuzzproject Harfbuzz?

By the Year

In 2024 there have been 0 vulnerabilities in Harfbuzzproject Harfbuzz . Last year Harfbuzz had 1 security vulnerability published. Right now, Harfbuzz is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 1 7.50
2022 2 6.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Harfbuzz vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Harfbuzzproject Harfbuzz Security Vulnerabilities

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0

CVE-2023-25193 7.5 - High - February 04, 2023

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

Allocation of Resources Without Limits or Throttling

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0

CVE-2022-33068 5.5 - Medium - June 23, 2022

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

Integer Overflow or Wraparound

HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called

CVE-2021-45931 6.5 - Medium - January 01, 2022

HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).

Memory Corruption

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Fedora Project Fedora or by Harfbuzzproject? Click the Watch button to subscribe.

subscribe