INFSA-2024:2410: harfbuzz security update
Information about definition
Identificator: INFSA-2024:2410
Type: security
Release date: 2024-12-27 09:35:00 UTC
Information about package
HarfBuzz is an implementation of the OpenType Layout engine.
Vulnerabilities description
- CVE-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2023-25193
|
no information | 7.5 | no information |
Updated packages