hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25193.json",
"cna_assigner": "mitre"
}{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:harfbuzz_project:harfbuzz:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.0"
}
]
}"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25193.json"
"2026-07-15T01:36:24Z"
[
{
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc",
"digest": {
"line_hashes": [
"199082770400909606321589194843450527664",
"87419159144381551629992409665691100659",
"316516650934869293814167978590599149972",
"203275194265138133167303134542089474071"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "src/hb-ot-layout-gsubgpos.hh"
},
"id": "CVE-2023-25193-cb610f4e"
}
]