CVE-2016-2052

Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.

References

Affected packages

Git / github.com/harfbuzz/harfbuzz

Affected ranges

Type: GIT
Repo: https://github.com/harfbuzz/harfbuzz
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

63ef0b41dc48d6112d1918c1b1de9de8ea90adb5

Affected versions

0.*

0.6.0

0.9.1

0.9.10

0.9.11

0.9.12

0.9.13

0.9.14

0.9.15

0.9.16

0.9.17

0.9.18

0.9.19

0.9.2

0.9.20

0.9.21

0.9.22

0.9.23

0.9.24

0.9.25

0.9.26

0.9.27

0.9.28

0.9.29

0.9.3

0.9.30

0.9.31

0.9.32

0.9.33

0.9.34

0.9.35

0.9.36

0.9.37

0.9.38

0.9.39

0.9.4

0.9.40

0.9.41

0.9.42

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

Other

hb-rename

ng-mergepoint

ng-start

pango-extractpoint

pango-start

Database specific

vanir_signatures

[
    {
        "id": "CVE-2016-2052-43be66a2",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "src/hb-ot-font.cc"
        },
        "digest": {
            "line_hashes": [
                "234991419372377911147011784491808647681",
                "321153444090282685365951815766124566312",
                "86305156222949548068857325375416648651",
                "187202475723259998296423389636645701174"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/harfbuzz/harfbuzz/commit/63ef0b41dc48d6112d1918c1b1de9de8ea90adb5"
    }
]

Git / github.com/behdad/harfbuzz

Affected ranges

Type: GIT
Repo: https://github.com/behdad/harfbuzz
Events: Introduced

0 Unknown introduced commit / All previous commits are affected