hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.
lists.opensuse.org/opensuse-updates/2016-08/msg00070.html
rhn.redhat.com/errata/RHSA-2016-0072.html
www.securityfocus.com/bid/92039
www.ubuntu.com/usn/USN-3067-1
github.com/behdad/harfbuzz/commit/f96664974774bfeb237a7274f512f64aaafb201e
github.com/behdad/harfbuzz/issues/139
lists.debian.org/debian-lts-announce/2019/12/msg00022.html
security.gentoo.org/glsa/201701-76