Harfbuzz

harfbuzz

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-22693 1Harfbuzz Project 1Harfbuzz Feb 18, 2026 Jan 10, 2026 N/A· v4 5.3 MEDIUM· v3 N/A· v2 HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if...Show more HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault. This issue has been patched in version 12.3.0.Show less
CVE-2023-25193 2Fedoraproject Harfbuzz Project 2Fedora Harfbuzz Mar 25, 2025 Feb 4, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVE-2022-33068 2Fedoraproject Harfbuzz Project 2Fedora Harfbuzz Nov 21, 2024 Jun 23, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
CVE-2021-45931 2Fedoraproject Harfbuzz Project 2Fedora Harfbuzz Nov 21, 2024 Jan 1, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).
CVE-2015-9274 1Harfbuzz Project 1Harfbuzz Nov 21, 2024 Nov 15, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout...Show more HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.Show less
CVE-2015-8947 1Harfbuzz Project 1Harfbuzz May 6, 2026 Jul 19, 2016 N/A· v4 7.6 HIGH· v3 7.5 HIGH· v2 hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2...Show more hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.Show less
CVE-2016-2052 2Google Harfbuzz Project 2Chrome Harfbuzz May 6, 2026 Jan 25, 2016 N/A· v4 7.6 HIGH· v3 6.8 MEDIUM· v2 Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by...Show more Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.Show less