HarfBuzz vulnerabilities
2 known vulnerabilities affecting harfbuzz/harfbuzz.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1
Vulnerabilities
CVE-2026-22693 | MEDIUM | CVSS 5.3 | CWE-476 | fixed in 12.3.0 | 2026-01-10
HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to
Source: NVD
CVE-2024-56732 | CRITICAL | CVSS 9.3 | CWE-122 | versions >= 8.5.0, <= 10.0.1 | 2024-12-27
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.
Source: NVD