
CVE-2023-25193 – harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks
https://notcve.org/view.php?id=CVE-2023-25193
04 Feb 2023 — hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. A vulnerability was found in HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the... • https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2022-33068 – harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc
https://notcve.org/view.php?id=CVE-2022-33068
22 Jun 2022 — An integer overflow in the component hb-ot-shape-fallback.cc of HarfBuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. A vulnerability was found in HarfBuzz. An integer overflow in the hb-ot-shape-fallback.cc component allows attackers to cause a denial of service (DoS) via unspec... • https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593 • CWE-190: Integer Overflow or Wraparound •