CVEDB API

HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.4%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.3

References

Products affected by CVE-2021-45931

Harfbuzz Project » Harfbuzz » Version: 2.9.0

cpe:2.3:a:harfbuzz_project:harfbuzz:2.9.0
Fedoraproject » Fedora » Version: 34

cpe:2.3:o:fedoraproject:fedora:34
Fedoraproject » Fedora » Version: 35

cpe:2.3:o:fedoraproject:fedora:35