CVE-2023-41074

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

References

Affected packages

Git / github.com/harfbuzz/harfbuzz

Affected ranges

Type: GIT
Repo: https://github.com/harfbuzz/harfbuzz
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d5261f7234ab072a2aa1758ccfe37372df9927a9

Affected versions

0.*

0.6.0

0.9.1

0.9.10

0.9.11

0.9.12

0.9.13

0.9.14

0.9.15

0.9.16

0.9.17

0.9.18

0.9.19

0.9.2

0.9.20

0.9.21

0.9.22

0.9.23

0.9.24

0.9.25

0.9.26

0.9.27

0.9.28

0.9.29

0.9.3

0.9.30

0.9.31

0.9.32

0.9.33

0.9.34

0.9.35

0.9.36

0.9.37

0.9.38

0.9.39

0.9.4

0.9.40

0.9.41

0.9.42

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.1.0

1.1.1

1.1.2

1.1.3

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.5.0

1.5.1

1.6.0

1.6.1

1.6.2

1.6.3

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.9.0

2.*

2.0.0

2.0.1

2.0.2

2.1.0

2.1.1

2.1.2

2.1.3

2.2.0

2.3.0

2.3.1

2.4.0

2.5.0

2.5.1

2.5.2

2.5.3

2.6.0

2.6.1

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

2.8.0

2.8.1

2.8.2

2.9.0

2.9.1

3.*

3.0.0

3.1.0

3.1.1

3.1.2

3.2.0

3.3.0

3.3.1

3.3.2

3.4.0

4.*

4.0.0

4.0.1

4.1.0

4.2.0

4.2.1

4.3.0

4.4.0

4.4.1

5.*

5.0.0

5.0.1

5.1.0

5.2.0

5.3.0

5.3.1

6.*

6.0.0

7.*

7.0.0

7.0.1

7.1.0

7.2.0

7.3.0

8.*

8.0.0

8.0.1

8.1.0

8.1.1

8.2.0

8.2.1

8.2.2

8.3.0

8.3.1

8.4.0

8.5.0

9.*

9.0.0

Other

hb-rename

ng-mergepoint

ng-start

pango-extractpoint

pango-start

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-41074.json"