CVE-2016-2052 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Harfbuzz
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer18 documents7 sources
Severity
7.6HIGHNVD
EPSS
0.4%
top 38.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 25
Latest updateMay 17
Description
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:HExploitability: 2.8 | Impact: 4.7
Affected Packages5 packages
🔴Vulnerability Details
6📋Vendor Advisories
6Debian▶
CVE-2016-2052: harfbuzz - Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google...↗2016
💬Community
4Bugzilla▶
CVE-2015-8947 CVE-2016-2052 harfbuzz: chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6 [epel-7]↗2016-07-21
Bugzilla▶
CVE-2015-8947 CVE-2016-2052 mingw-harfbuzz: chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6 [fedora-all]↗2016-07-21
Bugzilla▶
CVE-2015-8947 CVE-2016-2052 harfbuzz: chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6 [fedora-all]↗2016-07-21
Bugzilla▶
CVE-2016-2052 CVE-2015-8947 chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6↗2016-01-25