CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25193 – harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks
https://notcve.org/view.php?id=CVE-2023-25193
04 Feb 2023 — hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the... • https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-9274 – Ubuntu Security Notice USN-5746-1
https://notcve.org/view.php?id=CVE-2015-9274
15 Nov 2018 — HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh. HarfBuzz en versiones anteriores a la 1.0.4 permite que atacantes remotos provoquen una denegación de servicio (lectura inválida de dos bytes y cierre inesperado de la aplicación) debido a la mala gestión de las tablas GPOS y GSUB. Esto e... • https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7 • CWE-125: Out-of-bounds Read •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8947 – chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6
https://notcve.org/view.php?id=CVE-2015-8947
19 Jul 2016 — hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052. Un desbordamiento de buffer en el comando FTP list (ls) en IIS permite a atacantes remotos provocar una denegación de servicio y, en algunos casos, ejecutar comandos arbitrarios. Kostya Serebryany discovered that HarfBuzz incorrectly handled memory. A remote attacker could use this... • http://lists.opensuse.org/opensuse-updates/2016-08/msg00070.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2052 – chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6
https://notcve.org/view.php?id=CVE-2016-2052
25 Jan 2016 — Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947. Múltiples vulnerabilidades no especificadas en HarfBuzz en versiones anteriores a 1.0.6, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, permiten a... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html •