4 results (0.015 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-25193 – harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks

https://notcve.org/view.php?id=CVE-2023-25193

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. • https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361 https://github.com/harfbuzz/harfbuzz/blob/2822b589bc837fae6f66233e2cf2eef0f6ce8470/src/hb-ot-layout-gsubgpos.hh https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWCHWSICWVZSAXP2YAXM65JC2GR53547 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3 https://security.netapp • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-9274

https://notcve.org/view.php?id=CVE-2015-9274

HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh. HarfBuzz en versiones anteriores a la 1.0.4 permite que atacantes remotos provoquen una denegación de servicio (lectura inválida de dos bytes y cierre inesperado de la aplicación) debido a la mala gestión de las tablas GPOS y GSUB. Esto está relacionado con hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh y hb-ot-layout-gsubgpos-private.hh. • https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7 • CWE-125: Out-of-bounds Read •

CVSS: 7.6EPSS: 3%CPEs: 1EXPL: 0

CVE-2015-8947 – chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6

https://notcve.org/view.php?id=CVE-2015-8947

hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052. Un desbordamiento de buffer en el comando FTP list (ls) en IIS permite a atacantes remotos provocar una denegación de servicio y, en algunos casos, ejecutar comandos arbitrarios. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00070.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.securityfocus.com/bid/92039 http://www.ubuntu.com/usn/USN-3067-1 https://github.com/behdad/harfbuzz/commit/f96664974774bfeb237a7274f512f64aaafb201e https://github.com/behdad/harfbuzz/issues/139#issuecomment-146984679 https://lists.debian.org/debian-lts-announce/2019/12/msg00022.html https://security.gentoo.org/glsa/201701-76 https://access.redhat.com/security/cve/C • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-2052 – chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6

https://notcve.org/view.php?id=CVE-2016-2052

Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947. Múltiples vulnerabilidades no especificadas en HarfBuzz en versiones anteriores a 1.0.6, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de datos manipulados, como se demuestra por una sobre lectura del buffer como resultado de una comprobación de longitud invertida en hb-ot-font.cc, una cuestión diferente de CVE-2015-8947. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00070.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.securityfocus.com/bid/81812 http://www.securitytracker.com/id/1034801 http://www.ubuntu.com/usn/USN-2877-1 http://www.ubuntu.com/usn/USN-3067-1 https://code.google.com/p/chromium/issues/detail?id=544270 https://code.google.com/p/chromium/issues/detail?id=579625 https •