VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Harfbuzz Project
>
Harfbuzz
> High
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2023-02-04
CVE-2023-25193
Allocation of Resources Without Limits or Throttling vulnerability in multiple products
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
network
low complexity
harfbuzz-project
fedoraproject
CWE-770
7.5
7.5
2016-07-19
CVE-2015-8947
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Harfbuzz Project Harfbuzz
hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.
network
low complexity
harfbuzz-project
CWE-119
7.6
7.6
2016-01-25
CVE-2016-2052
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.
network
low complexity
harfbuzz-project
google
7.6
7.6