Harfbuzz Project: >> Harfbuzz >> 4.3.0 Security Vulnerabilities
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-04
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-06-23