Harfbuzz Project: >> Harfbuzz >> 1.0.5 Security Vulnerabilities
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-04
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.
CVSS Score
7.6
EPSS Score
0.005
Published
2016-01-25