Vulnerabilities > Harfbuzz Project > Harfbuzz > 2.9.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-04 | CVE-2023-25193 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. | 7.5 |
| 2022-01-01 | CVE-2021-45931 | Out-of-bounds Write vulnerability in multiple products HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy). | 6.5 |