Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/harfbuzz@10.2.0-1
purl pkg:deb/debian/harfbuzz@10.2.0-1
Next non-vulnerable version 12.3.2-2
Latest non-vulnerable version 12.3.2-2
Risk 2.4
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-rjd7-a91f-vkhs
Aliases:
CVE-2026-22693
harfbuzz: Null Pointer Dereference in harfbuzz
12.3.2-2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-zzcp-hvdf-zqgf Allocation of Resources Without Limits or Throttling hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. CVE-2023-25193

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T11:00:19.175531+00:00 Debian Importer Fixing VCID-zzcp-hvdf-zqgf https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:40:38.097318+00:00 Debian Importer Affected by VCID-rjd7-a91f-vkhs https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T07:28:07.667332+00:00 Debian Importer Fixing VCID-zzcp-hvdf-zqgf https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:49:58.027069+00:00 Debian Importer Affected by VCID-rjd7-a91f-vkhs https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-08T18:57:49.493017+00:00 Debian Importer Fixing VCID-zzcp-hvdf-zqgf https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-04T15:57:54.908569+00:00 Debian Importer Affected by VCID-rjd7-a91f-vkhs https://security-tracker.debian.org/tracker/data/json 38.1.0