VulnerableCode Package Details - pkg:deb/debian/harfbuzz@2.7.4-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/harfbuzz@2.7.4-1

Essentials
History (9)

purl	pkg:deb/debian/harfbuzz@2.7.4-1

Next non-vulnerable version	12.3.2-2
Latest non-vulnerable version	12.3.2-2
Risk	3.4

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-6bw4-j3xa-d3g4 Aliases: CVE-2022-33068	Multiple vulnerabilities have been discovered in HarfBuzz, the worst of which could result in arbitrary code execution.	6.0.0+dfsg-3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rjd7-a91f-vkhs Aliases: CVE-2026-22693	harfbuzz: Null Pointer Dereference in harfbuzz	12.3.2-2 Affected by 0 other vulnerabilities.
VCID-zzcp-hvdf-zqgf Aliases: CVE-2023-25193	Allocation of Resources Without Limits or Throttling hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.	10.2.0-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:00:19.168644+00:00	Debian Importer	Affected by	VCID-zzcp-hvdf-zqgf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:24:26.580087+00:00	Debian Importer	Affected by	VCID-6bw4-j3xa-d3g4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:40:38.089840+00:00	Debian Importer	Affected by	VCID-rjd7-a91f-vkhs	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:28:07.659642+00:00	Debian Importer	Affected by	VCID-zzcp-hvdf-zqgf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:16:44.453925+00:00	Debian Importer	Affected by	VCID-6bw4-j3xa-d3g4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:49:58.019377+00:00	Debian Importer	Affected by	VCID-rjd7-a91f-vkhs	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-08T18:57:49.484225+00:00	Debian Importer	Affected by	VCID-zzcp-hvdf-zqgf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-04T18:03:29.180376+00:00	Debian Importer	Affected by	VCID-6bw4-j3xa-d3g4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-04T15:57:54.897704+00:00	Debian Importer	Affected by	VCID-rjd7-a91f-vkhs	https://security-tracker.debian.org/tracker/data/json	38.1.0