CVE-2023-25193

Опубликовано: 04 фев. 2023

Источник: debian

EPSS Низкий

Описание

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
harfbuzz	fixed	8.0.0-1		package
harfbuzz	no-dsa		bookworm	package
harfbuzz	no-dsa		bullseye	package
harfbuzz	no-dsa		buster	package

Примечания

Original fix: https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc
Reverted: https://github.com/harfbuzz/harfbuzz/commit/661050b4659ee490dfe622821bc7fde7d1c40510
Fixed by: https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8 (7.0.0)

EPSS

Процентиль: 17%

0.00055

Низкий

Связанные уязвимости

CVE-2023-25193

CVSS3: 7.5

ubuntu

больше 2 лет назад

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

CVE-2023-25193

CVSS3: 7.5

redhat

больше 2 лет назад

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

CVE-2023-25193

CVSS3: 7.5

nvd

больше 2 лет назад

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

CVE-2023-25193

CVSS3: 7.5

msrc

больше 2 лет назад

Описание отсутствует

SUSE-SU-2023:1852-1

suse-cvrf

около 2 лет назад

Security update for harfbuzz

EPSS

Процентиль: 17%

0.00055

Низкий