Debian Harfbuzz vulnerabilities

8 known vulnerabilities affecting debian/harfbuzz.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 3, LOW 2

Vulnerabilities

CVE-2026-22693 (harfbuzz)
Severity: MEDIUM; CVSS 5.3; fixed in harfbuzz 12.3.0-4 (forky); 2026
Description: HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memor
Source: debian
CVE-2024-56732 (harfbuzz)
Severity: LOW (summary row) / CRITICAL (detail entry); CVSS 9.3; fixed in harfbuzz 10.1.0-2 (forky); 2024
Description: HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.
Scope: local
  bookworm: resolved
  bullseye: resolved
  forky: resolved (fixed in 10.1.0-2)
  sid: resolved (fixed in 10.1.0-2)
  trixie: resolved (fixed in 10.1.0-2)
Source: debian
CVE-2023-25193 (harfbuzz)
Severity: HIGH; CVSS 7.5; fixed in harfbuzz 8.0.0-1 (forky); 2023
Description: hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
Scope: local
  bookworm: open
  bullseye: open
  forky: resolved (fixed in 8.0.0-1)
  sid: resolved (fixed in 8.0.0-1)
  trixie: resolved (fixed in 8.0.0-1)
Source: debian
CVE-2022-33068 (harfbuzz)
Severity: MEDIUM; CVSS 5.5; fixed in harfbuzz 5.2.0-2 (bookworm); 2022
Description: An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Scope: local
  bookworm: resolved (fixed in 5.2.0-2)
  bullseye: open
  forky: resolved (fixed in 5.2.0-2)
  sid: resolved (fixed in 5.2.0-2)
  trixie: resolved (fixed in 5.2.0-2)
Source: debian
CVE-2021-45931 (harfbuzz)
Severity: LOW (summary row) / MEDIUM (detail entry); CVSS 6.5; 2021
Description: HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t::set and hb_set_copy).
Scope: local
  bookworm: resolved
  bullseye: resolved
  forky: resolved
  sid: resolved
  trixie: resolved
Source: debian
CVE-2016-2052 (harfbuzz)
Severity: HIGH; CVSS 7.6; fixed in harfbuzz 1.2.6-1 (bookworm); 2016
Description: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.
Scope: local
  bookworm: resolved (
Source: debian
CVE-2015-8947 (harfbuzz)
Severity: HIGH; CVSS 7.6; fixed in harfbuzz 1.2.6-1 (bookworm); 2015
Description: hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.
Scope: local
  bookworm: resolved (fixed in 1.2.6-1)
  bullseye: resolved (fixed in 1.2.6-1)
  forky: resolved (fixed in 1.2.6-1)
  sid: resolved (
Source: debian
CVE-2015-9274 (harfbuzz)
Severity: MEDIUM; CVSS 6.5; fixed in harfbuzz 1.2.6-1 (bookworm); 2015
Description: HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.
Scope: local
  bookworm: resolved (fixed in 1.2.6-1)
  bullseye: resolved (fixed in 1.2.6-1)
  fork
Source: debian