CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25193 – harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks
https://notcve.org/view.php?id=CVE-2023-25193
04 Feb 2023 — hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the... • https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 2CVE-2021-45931 – Gentoo Linux Security Advisory 202209-11
https://notcve.org/view.php?id=CVE-2021-45931
31 Dec 2021 — HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy). HarfBuzz versión 2.9.0, presenta una escritura fuera de límites en la función hb_bit_set_invertible_t::set (llamada desde hb_sparseset_t(hb_bit_set_invertible_t)::set y hb_set_copy). Multiple vulnerabilities have been discovered in HarfBuzz, the worst of which could result in arbitrary code execution. Versions less than 4.4.0 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37425 • CWE-787: Out-of-bounds Write •