VulnerableCode Package Details - pkg:deb/debian/harfbuzz@10.2.0-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
VCID-rjd7-a91f-vkhs Aliases: CVE-2026-22693	harfbuzz: Null Pointer Dereference in harfbuzz	12.3.0-4 Affected by 0 other vulnerabilities. 12.3.2-2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-rjd7-a91f-vkhs
Aliases:
CVE-2026-22693

harfbuzz: Null Pointer Dereference in harfbuzz

12.3.0-4
Affected by 0 other vulnerabilities.

12.3.2-2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-5xxu-cjy5-ekdd	Multiple vulnerabilities have been found in HarfBuzz, the worst of which could allow remote attackers to cause a Denial of Service condition.	CVE-2015-8947
VCID-6bw4-j3xa-d3g4	Multiple vulnerabilities have been discovered in HarfBuzz, the worst of which could result in arbitrary code execution.	CVE-2022-33068
VCID-actq-bfzh-2kgk	Out-of-bounds Write HarfBuzz has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).	CVE-2021-45931
VCID-q2m7-9p65-cydk	HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.	CVE-2024-56732
VCID-rnfc-n53j-9yfb	Multiple vulnerabilities have been found in HarfBuzz, the worst of which could allow remote attackers to cause a Denial of Service condition.	CVE-2016-2052
VCID-t142-dym5-nqba	harfbuzz: DoS due to GPOS and GSUB table mishandling	CVE-2015-9274
VCID-zzcp-hvdf-zqgf	Allocation of Resources Without Limits or Throttling hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.	CVE-2023-25193

Vulnerability

Summary

Aliases

VCID-5xxu-cjy5-ekdd

Multiple vulnerabilities have been found in HarfBuzz, the worst of which could allow remote attackers to cause a Denial of Service condition.

CVE-2015-8947

VCID-6bw4-j3xa-d3g4

Multiple vulnerabilities have been discovered in HarfBuzz, the worst of which could result in arbitrary code execution.

CVE-2022-33068

VCID-actq-bfzh-2kgk

Out-of-bounds Write HarfBuzz has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).

CVE-2021-45931

VCID-q2m7-9p65-cydk

HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.

CVE-2024-56732

VCID-rnfc-n53j-9yfb

Multiple vulnerabilities have been found in HarfBuzz, the worst of which could allow remote attackers to cause a Denial of Service condition.

CVE-2016-2052

VCID-t142-dym5-nqba

harfbuzz: DoS due to GPOS and GSUB table mishandling

CVE-2015-9274

VCID-zzcp-hvdf-zqgf

Allocation of Resources Without Limits or Throttling hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

CVE-2023-25193

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:40:38.635721+00:00	Debian Importer	Fixing	VCID-q2m7-9p65-cydk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:56:35.684173+00:00	Debian Importer	Fixing	VCID-5xxu-cjy5-ekdd	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:16:08.446831+00:00	Debian Importer	Fixing	VCID-rnfc-n53j-9yfb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:47:08.298833+00:00	Debian Importer	Fixing	VCID-actq-bfzh-2kgk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:47:30.191458+00:00	Debian Importer	Fixing	VCID-t142-dym5-nqba	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:57:20.502527+00:00	Debian Importer	Fixing	VCID-q2m7-9p65-cydk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:25:15.135200+00:00	Debian Importer	Fixing	VCID-5xxu-cjy5-ekdd	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:54:27.301656+00:00	Debian Importer	Fixing	VCID-rnfc-n53j-9yfb	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:32:09.985734+00:00	Debian Importer	Fixing	VCID-actq-bfzh-2kgk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:54:22.793163+00:00	Debian Importer	Fixing	VCID-t142-dym5-nqba	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:26:26.773573+00:00	Debian Importer	Affected by	VCID-rjd7-a91f-vkhs	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:26:26.748484+00:00	Debian Importer	Fixing	VCID-q2m7-9p65-cydk	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:26:26.690340+00:00	Debian Importer	Fixing	VCID-zzcp-hvdf-zqgf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:26:26.635855+00:00	Debian Importer	Fixing	VCID-6bw4-j3xa-d3g4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:26:26.580118+00:00	Debian Importer	Fixing	VCID-actq-bfzh-2kgk	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:26:26.537988+00:00	Debian Importer	Fixing	VCID-rnfc-n53j-9yfb	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:26:26.497267+00:00	Debian Importer	Fixing	VCID-t142-dym5-nqba	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:26:26.456428+00:00	Debian Importer	Fixing	VCID-5xxu-cjy5-ekdd	https://security-tracker.debian.org/tracker/data/json	38.1.0