Search CVE reports



1 – 9 of 9 results


CVE-2026-0943

Medium priority
Needs evaluation

HarfBuzz::Shaper versions before 0.032 for Perl contain a bundled library with a null pointer dereference vulnerability. Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball,...

1 affected package

libharfbuzz-shaper-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libharfbuzz-shaper-perl Needs evaluation Not in release Not in release

CVE-2026-22693

Low priority
Vulnerable

HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc...

1 affected package

harfbuzz

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- | --- |
| harfbuzz | Not affected | Vulnerable | Not affected | Not affected | Not affected |

CVE-2024-56732

Medium priority

Some fixes available 4 of 7

HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.

1 affected package

harfbuzz

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- | --- |
| harfbuzz | Fixed | Not affected | Not affected | Not affected | Needs evaluation |

CVE-2023-25193

Low priority

Some fixes available 20 of 25

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

13 affected packages

harfbuzz, openjdk, openjdk-13, openjdk-16, openjdk-17...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
harfbuzz Not affected Not affected Fixed Fixed Needs evaluation
openjdk Not in release Not in release Not in release Not in release Ignored
openjdk-13 Not in release Not in release Not in release Ignored Not in release
openjdk-16 Not in release Not in release Not in release Ignored Not in release
openjdk-17 Not affected Not affected Fixed Fixed Fixed
openjdk-18 Not in release Not in release Ignored Not in release Not in release
openjdk-19 Not in release Not in release Not in release Not in release Not in release
openjdk-20 Not in release Not in release Not in release Not in release Not in release
openjdk-21 Not affected Not affected Fixed Fixed Not in release
openjdk-22 Not in release Not in release Not in release Not in release
openjdk-8 Not affected Not affected Not affected Not affected Not affected
openjdk-9 Not in release Not in release Not in release Not in release Not in release
openjdk-lts Fixed Fixed Fixed Fixed Fixed

CVE-2022-33068

Medium priority

Some fixes available 10 of 35

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

13 affected packages

harfbuzz, icedtea-web, openjdk-12, openjdk-13, openjdk-15...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
harfbuzz Fixed Fixed Fixed Fixed Not affected
icedtea-web Not affected Not affected Not affected Not affected Not affected
openjdk-12 Not in release Not in release Not in release Not in release Not in release
openjdk-13 Not in release Not in release Not in release Not affected Not in release
openjdk-15 Not in release Not in release Not in release Not in release Not in release
openjdk-16 Not in release Not in release Not in release Not affected Not in release
openjdk-17 Not affected Not affected Not affected Not affected Not affected
openjdk-18 Not in release Not in release Not affected Not in release Not in release
openjdk-8 Not affected Not affected Not affected Not affected Not affected
openjdk-9 Not in release Not in release Not in release Not in release Not in release
openjdk-lts Not affected Not affected Not affected Not affected Not affected
qt6-base Needs evaluation Needs evaluation Needs evaluation
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2021-45931

Medium priority
Not affected

HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).

1 affected package

harfbuzz

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
harfbuzz Not affected Not affected Not affected

CVE-2015-9274

Low priority
Fixed

HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to...

1 affected package

harfbuzz

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
harfbuzz Not affected Not affected Not affected

CVE-2015-8947

Medium priority

Some fixes available 2 of 3

hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.

1 affected package

harfbuzz

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
harfbuzz

CVE-2016-2052

Medium priority

Some fixes available 13 of 16

Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer...

3 affected packages

chromium-browser, harfbuzz, oxide-qt

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
chromium-browser
harfbuzz
oxide-qt