VulnerableCode Package Details - pkg:deb/debian/harfbuzz@6.0.0%2Bdfsg-3

Search for packages

Vulnerability	Summary	Fixed by
VCID-ys8a-mjj8-aaag Aliases: CVE-2023-25193	Allocation of Resources Without Limits or Throttling hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.	8.0.1-1 Affected by 0 other vulnerabilities. 8.3.0-2 Affected by 0 other vulnerabilities. 9.0.0-1 Affected by 0 other vulnerabilities. 10.1.0-1 Affected by 0 other vulnerabilities. 10.2.0-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-ys8a-mjj8-aaag
Aliases:
CVE-2023-25193

Allocation of Resources Without Limits or Throttling hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

8.0.1-1
Affected by 0 other vulnerabilities.

8.3.0-2
Affected by 0 other vulnerabilities.

9.0.0-1
Affected by 0 other vulnerabilities.

10.1.0-1
Affected by 0 other vulnerabilities.

10.2.0-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3mw2-ar52-aaam	An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.	CVE-2022-33068

Vulnerability

Summary

Aliases

VCID-3mw2-ar52-aaam

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

CVE-2022-33068

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T07:05:38.815157+00:00	Debian Importer	Fixing	VCID-3mw2-ar52-aaam	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-21T04:51:30.610937+00:00	Debian Importer	Affected by	VCID-ys8a-mjj8-aaag	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-21T01:13:28.101138+00:00	Debian Importer	Affected by	VCID-ys8a-mjj8-aaag	None	36.1.3
2025-06-20T21:28:53.475602+00:00	Debian Importer	Fixing	VCID-3mw2-ar52-aaam	None	36.1.3
2025-04-05T04:21:53.648060+00:00	Debian Importer	Fixing	VCID-3mw2-ar52-aaam	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-04T07:40:50.041167+00:00	Debian Importer	Affected by	VCID-ys8a-mjj8-aaag	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-04T03:57:22.465352+00:00	Debian Importer	Affected by	VCID-ys8a-mjj8-aaag	None	36.0.0
2025-04-04T00:06:15.975274+00:00	Debian Importer	Fixing	VCID-3mw2-ar52-aaam	None	36.0.0
2025-02-21T09:47:19.477863+00:00	Debian Importer	Affected by	VCID-ys8a-mjj8-aaag	None	35.1.0
2025-02-21T09:47:18.071283+00:00	Debian Importer	Affected by	VCID-ys8a-mjj8-aaag	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-20T22:37:12.377011+00:00	Debian Importer	Fixing	VCID-3mw2-ar52-aaam	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-20T22:37:11.702132+00:00	Debian Importer	Fixing	VCID-3mw2-ar52-aaam	None	35.1.0
2024-11-23T23:29:31.628693+00:00	Debian Importer	Affected by	VCID-ys8a-mjj8-aaag	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-11-23T14:46:14.119749+00:00	Debian Importer	Fixing	VCID-3mw2-ar52-aaam	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-10-10T21:13:40.350887+00:00	Debian Importer	Affected by	VCID-ys8a-mjj8-aaag	https://security-tracker.debian.org/tracker/data/json	34.0.2
2024-10-10T12:29:43.819941+00:00	Debian Importer	Fixing	VCID-3mw2-ar52-aaam	https://security-tracker.debian.org/tracker/data/json	34.0.2
2024-09-20T02:14:35.488041+00:00	Debian Importer	Affected by	VCID-ys8a-mjj8-aaag	https://security-tracker.debian.org/tracker/data/json	34.0.1
2024-09-19T19:03:33.911578+00:00	Debian Importer	Fixing	VCID-3mw2-ar52-aaam	https://security-tracker.debian.org/tracker/data/json	34.0.1
2024-04-26T02:07:50.483053+00:00	Debian Importer	Affected by	VCID-ys8a-mjj8-aaag	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-26T02:07:48.783906+00:00	Debian Importer	Affected by	VCID-ys8a-mjj8-aaag	None	34.0.0rc4
2024-04-25T15:56:44.470963+00:00	Debian Importer	Fixing	VCID-3mw2-ar52-aaam	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-25T15:56:43.699550+00:00	Debian Importer	Fixing	VCID-3mw2-ar52-aaam	None	34.0.0rc4
2024-01-12T12:06:38.543512+00:00	Debian Importer	Affected by	VCID-ys8a-mjj8-aaag	https://security-tracker.debian.org/tracker/data/json	34.0.0rc2
2024-01-12T12:06:36.696626+00:00	Debian Importer	Affected by	VCID-ys8a-mjj8-aaag	None	34.0.0rc2
2024-01-11T18:47:39.860840+00:00	Debian Importer	Fixing	VCID-3mw2-ar52-aaam	https://security-tracker.debian.org/tracker/data/json	34.0.0rc2
2024-01-11T18:47:35.971359+00:00	Debian Importer	Fixing	VCID-3mw2-ar52-aaam	None	34.0.0rc2
2024-01-05T08:08:03.315207+00:00	Debian Importer	Affected by	VCID-ys8a-mjj8-aaag	https://security-tracker.debian.org/tracker/data/json	34.0.0rc1
2024-01-05T08:08:01.804091+00:00	Debian Importer	Affected by	VCID-ys8a-mjj8-aaag	None	34.0.0rc1
2024-01-05T02:40:36.424199+00:00	Debian Importer	Fixing	VCID-3mw2-ar52-aaam	https://security-tracker.debian.org/tracker/data/json	34.0.0rc1
2024-01-05T02:40:32.908016+00:00	Debian Importer	Fixing	VCID-3mw2-ar52-aaam	None	34.0.0rc1

2025-06-21T07:05:38.815157+00:00

Debian Importer

Fixing

Next non-vulnerable version	10.2.0-1
Latest non-vulnerable version	10.2.0-1
Risk	3.4