Harfbuzz Project

Harfbuzz

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.38%
  • Veröffentlicht 10.01.2026 05:53:21
  • Zuletzt bearbeitet 18.02.2026 17:49:22

HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before...

Exploit
  • EPSS 0.64%
  • Veröffentlicht 27.12.2024 20:15:23
  • Zuletzt bearbeitet 25.06.2026 15:32:53

HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.

  • EPSS 1.81%
  • Veröffentlicht 04.02.2023 20:15:08
  • Zuletzt bearbeitet 25.03.2025 21:15:41

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

Exploit
  • EPSS 1.14%
  • Veröffentlicht 23.06.2022 17:15:14
  • Zuletzt bearbeitet 21.11.2024 07:07:30

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

Exploit
  • EPSS 1.78%
  • Veröffentlicht 01.01.2022 01:15:08
  • Zuletzt bearbeitet 21.11.2024 06:33:17

HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).

  • EPSS 1.54%
  • Veröffentlicht 15.11.2018 06:29:00
  • Zuletzt bearbeitet 21.11.2024 02:40:13

HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layo...

  • EPSS 2.45%
  • Veröffentlicht 19.07.2016 10:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.

  • EPSS 0.96%
  • Veröffentlicht 25.01.2016 11:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting ...