OESA-2023-1111
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1111
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2023-1111.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2023-1111
- Upstream
- Published
- 2023-02-21T11:04:56Z
- Modified
- 2025-08-12T05:18:49.200671Z
- Summary
- harfbuzz security update
- Details
-
HarfBuzz is a text-shaping engine. If you give HarfBuzz a font and a string containing a sequence of Unicode codepoints, HarfBuzz selects and positions the corresponding glyphs from the font, applying all of the necessary layout rules and font features. HarfBuzz then returns the string to you in the form that is correctly arranged for the language and writing system.
Security Fix(es):
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.(CVE-2023-25193)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:22.03-LTS-SP1 / harfbuzz
Package
- Name
- harfbuzz
- Purl
- pkg:rpm/openEuler/harfbuzz&distro=openEuler-22.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.8.2-4.oe2203sp1
Ecosystem specific
{
"src": [
"harfbuzz-2.8.2-4.oe2203sp1.src.rpm"
],
"x86_64": [
"harfbuzz-debuginfo-2.8.2-4.oe2203sp1.x86_64.rpm",
"harfbuzz-2.8.2-4.oe2203sp1.x86_64.rpm",
"harfbuzz-debugsource-2.8.2-4.oe2203sp1.x86_64.rpm",
"harfbuzz-devel-2.8.2-4.oe2203sp1.x86_64.rpm"
],
"aarch64": [
"harfbuzz-debuginfo-2.8.2-4.oe2203sp1.aarch64.rpm",
"harfbuzz-2.8.2-4.oe2203sp1.aarch64.rpm",
"harfbuzz-debugsource-2.8.2-4.oe2203sp1.aarch64.rpm",
"harfbuzz-devel-2.8.2-4.oe2203sp1.aarch64.rpm"
],
"noarch": [
"harfbuzz-help-2.8.2-4.oe2203sp1.noarch.rpm"
]
}