Search CVE reports
1 – 6 of 6 results
CVE-2023-25193
Low prioritySome fixes available 14 of 23
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
13 affected packages
harfbuzz, openjdk, openjdk-13, openjdk-16, openjdk-17...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| harfbuzz | Vulnerable | Vulnerable | Vulnerable | Needs evaluation | Not affected |
| openjdk | Not in release | Not in release | Not in release | Ignored | Ignored |
| openjdk-13 | Not in release | Not in release | Ignored | Not in release | Not in release |
| openjdk-16 | Not in release | Not in release | Ignored | Not in release | Not in release |
| openjdk-17 | Not affected | Fixed | Fixed | Fixed | Not in release |
| openjdk-18 | Not in release | Ignored | Not in release | Not in release | Not in release |
| openjdk-19 | Not in release | Ignored | Not in release | Not in release | Not in release |
| openjdk-20 | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjdk-21 | Not affected | Fixed | Fixed | Not in release | Not in release |
| openjdk-22 | — | Not in release | Not in release | Not in release | Not in release |
| openjdk-8 | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjdk-9 | Not in release | Not in release | Not in release | Not in release | Ignored |
| openjdk-lts | Fixed | Fixed | Fixed | Fixed | Not in release |
CVE-2022-33068
Medium prioritySome fixes available 6 of 24
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
13 affected packages
harfbuzz, icedtea-web, openjdk-12, openjdk-13, openjdk-15...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| harfbuzz | Fixed | Fixed | Fixed | Not affected | Not affected |
| icedtea-web | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjdk-12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjdk-13 | Not in release | Not in release | Not affected | Not in release | Not in release |
| openjdk-15 | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjdk-16 | Not in release | Not in release | Not affected | Not in release | Not in release |
| openjdk-17 | Not affected | Not affected | Not affected | Not affected | Not in release |
| openjdk-18 | Not in release | Not affected | Not in release | Not in release | Not in release |
| openjdk-8 | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjdk-9 | Not in release | Not in release | Not in release | Not in release | Ignored |
| openjdk-lts | Not affected | Not affected | Not affected | Not affected | Not in release |
| qt6-base | Needs evaluation | Needs evaluation | — | — | — |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2021-45931
Medium priorityHarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).
1 affected packages
harfbuzz
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| harfbuzz | — | Not affected | Not affected | Not affected | Not affected |
CVE-2015-9274
Low priorityHarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to...
1 affected packages
harfbuzz
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| harfbuzz | — | Not affected | Not affected | Not affected | Fixed |
CVE-2015-8947
Medium prioritySome fixes available 2 of 3
hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.
1 affected packages
harfbuzz
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| harfbuzz | — | — | — | — | Fixed |
CVE-2016-2052
Medium prioritySome fixes available 13 of 16
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer...
3 affected packages
chromium-browser, harfbuzz, oxide-qt
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | — | Fixed |
| harfbuzz | — | — | — | — | Fixed |
| oxide-qt | — | — | — | — | Fixed |