CVE-2026-0943

Опубликовано: 19 янв. 2026

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.

Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=2429296
Third Party Advisory
https://metacpan.org/release/JV/HarfBuzz-Shaper-0.032/changes
Product
Release Notes
https://www.cve.org/CVERecord?id=CVE-2026-22693
VDB Entry
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jv:harfbuzz\:\:shaper:*:*:*:*:*:perl:*:*

Версия до 0.032 (исключая)

EPSS

Процентиль: 34%

0.00141

Низкий

7.5 High

CVSS3

Дефекты

CWE-476

Связанные уязвимости

CVE-2026-0943

CVSS3: 7.5

ubuntu

3 месяца назад

HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability. Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.

CVE-2026-0943

CVSS3: 7.5

debian

3 месяца назад

HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled lib ...

GHSA-hmr2-524c-vv28

CVSS3: 7.5

github

3 месяца назад

EPSS

Процентиль: 34%

0.00141

Низкий

7.5 High

CVSS3

Дефекты

CWE-476