hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
References
Configurations
History
07 Nov 2023, 04:08
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
25 Jul 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Mar 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Feb 2023, 14:53
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc - Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWCHWSICWVZSAXP2YAXM65JC2GR53547/ - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/harfbuzz/harfbuzz/blob/2822b589bc837fae6f66233e2cf2eef0f6ce8470/src/hb-ot-layout-gsubgpos.hh - Third Party Advisory | |
References | (MISC) https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361 - Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Harfbuzz Project
Fedoraproject Fedoraproject fedora Harfbuzz Project harfbuzz |
|
CPE | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:a:harfbuzz_project:harfbuzz:*:*:*:*:*:*:*:* |
|
CWE | CWE-770 |
13 Feb 2023, 04:53
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Feb 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-04 20:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-25193
Mitre link : CVE-2023-25193
CVE.ORG link : CVE-2023-25193
JSON object : View
Products Affected
harfbuzz_project
- harfbuzz
fedoraproject
- fedora
CWE
CWE-770
Allocation of Resources Without Limits or Throttling