VulnerableCode Package Details - pkg:deb/debian/harfbuzz@0.9.35-2

Search for packages

Vulnerability	Summary	Fixed by
VCID-5jvr-vkuy-aaak Aliases: CVE-2015-8947	hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.	1.4.2-1 Affected by 0 other vulnerabilities.
VCID-6vn4-qb8q-aaag Aliases: CVE-2016-2052	Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.	1.4.2-1 Affected by 0 other vulnerabilities.
VCID-zzvd-9m2y-aaaa Aliases: CVE-2015-9274	HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.	1.4.2-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5jvr-vkuy-aaak
Aliases:
CVE-2015-8947

hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.

1.4.2-1
Affected by 0 other vulnerabilities.

VCID-6vn4-qb8q-aaag
Aliases:
CVE-2016-2052

Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.

1.4.2-1
Affected by 0 other vulnerabilities.

VCID-zzvd-9m2y-aaaa
Aliases:
CVE-2015-9274

HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.

1.4.2-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T16:28:02.959991+00:00	Debian Oval Importer	Affected by	VCID-6vn4-qb8q-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T16:26:44.528262+00:00	Debian Oval Importer	Affected by	VCID-zzvd-9m2y-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T11:52:59.704475+00:00	Debian Oval Importer	Affected by	VCID-5jvr-vkuy-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T00:24:48.688079+00:00	Debian Oval Importer	Affected by	VCID-5jvr-vkuy-aaak	None	36.1.3
2025-06-20T23:23:13.385590+00:00	Debian Oval Importer	Affected by	VCID-6vn4-qb8q-aaag	None	36.1.3
2025-06-20T23:22:03.292220+00:00	Debian Oval Importer	Affected by	VCID-zzvd-9m2y-aaaa	None	36.1.3
2025-06-08T12:55:31.449506+00:00	Debian Oval Importer	Affected by	VCID-zzvd-9m2y-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T12:46:31.220299+00:00	Debian Oval Importer	Affected by	VCID-5jvr-vkuy-aaak	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T09:13:57.606222+00:00	Debian Oval Importer	Affected by	VCID-6vn4-qb8q-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T09:12:39.184389+00:00	Debian Oval Importer	Affected by	VCID-zzvd-9m2y-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T05:05:51.164785+00:00	Debian Oval Importer	Affected by	VCID-5jvr-vkuy-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T17:47:36.245167+00:00	Debian Oval Importer	Affected by	VCID-5jvr-vkuy-aaak	None	36.1.0
2025-06-07T16:46:07.189434+00:00	Debian Oval Importer	Affected by	VCID-6vn4-qb8q-aaag	None	36.1.0
2025-06-07T16:44:58.631137+00:00	Debian Oval Importer	Affected by	VCID-zzvd-9m2y-aaaa	None	36.1.0
2025-04-12T21:15:22.761890+00:00	Debian Oval Importer	Affected by	VCID-6vn4-qb8q-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T18:42:45.310690+00:00	Debian Oval Importer	Affected by	VCID-zzvd-9m2y-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T18:33:25.375954+00:00	Debian Oval Importer	Affected by	VCID-5jvr-vkuy-aaak	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T07:45:55.447899+00:00	Debian Oval Importer	Affected by	VCID-6vn4-qb8q-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T07:44:35.028052+00:00	Debian Oval Importer	Affected by	VCID-zzvd-9m2y-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T03:36:46.224373+00:00	Debian Oval Importer	Affected by	VCID-5jvr-vkuy-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T16:24:04.276934+00:00	Debian Oval Importer	Affected by	VCID-5jvr-vkuy-aaak	None	36.0.0
2025-04-07T15:18:43.985473+00:00	Debian Oval Importer	Affected by	VCID-6vn4-qb8q-aaag	None	36.0.0
2025-04-07T15:17:31.921851+00:00	Debian Oval Importer	Affected by	VCID-zzvd-9m2y-aaaa	None	36.0.0