Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2026:0287-1

Опубликовано: 23 янв. 2026
Источник: suse-cvrf

Описание

Security update for harfbuzz

This update for harfbuzz fixes the following issues:

  • CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create (bsc#1256459).

Список пакетов

Container suse/kiosk/pulseaudio:latest
libharfbuzz0-8.3.0-150600.3.3.1
Image SLES15-SP7-SAP-BYOS-EC2
libharfbuzz0-8.3.0-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
harfbuzz-devel-8.3.0-150600.3.3.1
libharfbuzz-cairo0-8.3.0-150600.3.3.1
libharfbuzz-gobject0-8.3.0-150600.3.3.1
libharfbuzz-icu0-8.3.0-150600.3.3.1
libharfbuzz-subset0-8.3.0-150600.3.3.1
libharfbuzz0-8.3.0-150600.3.3.1
libharfbuzz0-32bit-8.3.0-150600.3.3.1
typelib-1_0-HarfBuzz-0_0-8.3.0-150600.3.3.1
openSUSE Leap 15.6
harfbuzz-devel-8.3.0-150600.3.3.1
harfbuzz-tools-8.3.0-150600.3.3.1
libharfbuzz-cairo0-8.3.0-150600.3.3.1
libharfbuzz-cairo0-32bit-8.3.0-150600.3.3.1
libharfbuzz-gobject0-8.3.0-150600.3.3.1
libharfbuzz-gobject0-32bit-8.3.0-150600.3.3.1
libharfbuzz-icu0-8.3.0-150600.3.3.1
libharfbuzz-icu0-32bit-8.3.0-150600.3.3.1
libharfbuzz-subset0-8.3.0-150600.3.3.1
libharfbuzz-subset0-32bit-8.3.0-150600.3.3.1
libharfbuzz0-8.3.0-150600.3.3.1
libharfbuzz0-32bit-8.3.0-150600.3.3.1
typelib-1_0-HarfBuzz-0_0-8.3.0-150600.3.3.1

Ссылки

Описание

HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault. This issue has been patched in version 12.3.0.

Затронутые продукты
Container suse/kiosk/pulseaudio:latest:libharfbuzz0-8.3.0-150600.3.3.1
Image SLES15-SP7-SAP-BYOS-EC2:libharfbuzz0-8.3.0-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:harfbuzz-devel-8.3.0-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libharfbuzz-cairo0-8.3.0-150600.3.3.1
Ссылки