Lucene search
RedHatRHSA-2024:2410HistoryApr 30, 2024 - 6:15 a.m.
(RHSA-2024:2410) Moderate: harfbuzz security update
2024-04-3006:15:38
access.redhat.com
12
harfbuzz
opentype layout
security update
o(n^2) growth
cve-2023-25193
red hat enterprise linux.
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.8
Confidence
High
EPSS
0.003
Percentile
68.2%
HarfBuzz is an implementation of the OpenType Layout engine.
Security Fix(es):
- harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 9 | s390x | harfbuzz-debugsource | < 2.7.4-10.el9 | harfbuzz-debugsource-2.7.4-10.el9.s390x.rpm |
| RedHat | 9 | aarch64 | harfbuzz-icu-debuginfo | < 2.7.4-10.el9 | harfbuzz-icu-debuginfo-2.7.4-10.el9.aarch64.rpm |
| RedHat | 9 | x86_64 | harfbuzz-debugsource | < 2.7.4-10.el9 | harfbuzz-debugsource-2.7.4-10.el9.x86_64.rpm |
| RedHat | 9 | i686 | harfbuzz | < 2.7.4-10.el9 | harfbuzz-2.7.4-10.el9.i686.rpm |
| RedHat | 9 | ppc64le | harfbuzz-icu | < 2.7.4-10.el9 | harfbuzz-icu-2.7.4-10.el9.ppc64le.rpm |
| RedHat | 9 | ppc64le | harfbuzz-debuginfo | < 2.7.4-10.el9 | harfbuzz-debuginfo-2.7.4-10.el9.ppc64le.rpm |
| RedHat | 9 | i686 | harfbuzz-icu | < 2.7.4-10.el9 | harfbuzz-icu-2.7.4-10.el9.i686.rpm |
| RedHat | 9 | i686 | harfbuzz-debugsource | < 2.7.4-10.el9 | harfbuzz-debugsource-2.7.4-10.el9.i686.rpm |
| RedHat | 9 | ppc64le | harfbuzz-debugsource | < 2.7.4-10.el9 | harfbuzz-debugsource-2.7.4-10.el9.ppc64le.rpm |
| RedHat | 9 | s390x | harfbuzz-devel | < 2.7.4-10.el9 | harfbuzz-devel-2.7.4-10.el9.s390x.rpm |
Related
nessus
nessus
CBL Mariner 2.0 Security Update: harfbuzz (CVE-2023-25193)
2023-03-20 00:00:00
EulerOS 2.0 SP9 : harfbuzz (EulerOS-SA-2023-1846)
2023-05-10 00:00:00
EulerOS 2.0 SP11 : harfbuzz (EulerOS-SA-2023-2270)
2023-07-04 00:00:00
cve
cve
CVE-2023-25193
2023-02-04 20:15:08
ubuntucve
ubuntucve
CVE-2023-25193
2023-02-04 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: harfbuzz-7.0.1-2.fc38
2023-03-14 03:31:51
[SECURITY] Fedora 38 Update: cairo-1.17.8-2.fc38
2023-03-14 03:31:48
[SECURITY] Fedora 38 Update: freetype-2.13.0-2.fc38
2023-03-14 03:31:50
openvas
openvas
Fedora: Security Advisory for freetype (FEDORA-2023-a48406ecd2)
2023-03-15 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1821-1)
2023-05-05 00:00:00
Huawei EulerOS: Security Advisory for harfbuzz (EulerOS-SA-2023-1871)
2023-05-10 00:00:00
osv
osv
Moderate: harfbuzz security update
2024-04-30 00:00:00
Moderate: harfbuzz security update
2024-05-22 00:00:00
harfbuzz-devel-6.0.0-2.1 on GA media
2024-06-15 00:00:00
cvelist
cvelist
CVE-2023-25193
2023-02-04 00:00:00
f5
f5
K000135674 : HarfBuzz vulnerability CVE-2023-25193
2023-07-31 00:00:00
redos
redos
ROS-20240329-19
2024-03-29 00:00:00
oraclelinux
oraclelinux
harfbuzz security update
2024-05-23 00:00:00
harfbuzz security update
2024-05-02 00:00:00
java-11-openjdk security and bug fix update
2023-07-28 00:00:00
nvd
nvd
CVE-2023-25193
2023-02-04 20:15:08
amazon
amazon
Medium: harfbuzz
2024-07-03 20:05:00
Medium: java-11-amazon-corretto
2023-07-17 17:39:00
Medium: java-17-amazon-corretto
2023-07-17 17:39:00
cbl_mariner
cbl_mariner
CVE-2023-25193 affecting package mozjs60 60.9.0-13
2024-10-02 03:32:42
CVE-2023-25193 affecting package qt5-qtbase 5.12.11-13
2024-10-02 03:32:47
CVE-2023-25193 affecting package harfbuzz 2.6.4-4
2023-03-16 03:40:02
alpinelinux
alpinelinux
CVE-2023-25193
2023-02-04 20:15:08
debiancve
debiancve
CVE-2023-25193
2023-02-04 20:15:08
prion
prion
Code injection
2023-02-04 20:15:00
almalinux
almalinux
Moderate: harfbuzz security update
2024-04-30 00:00:00
Moderate: harfbuzz security update
2024-05-22 00:00:00
Moderate: java-11-openjdk security and bug fix update
2023-07-20 00:00:00
redhat
redhat
(RHSA-2024:2980) Moderate: harfbuzz security update
2024-05-22 06:35:15
(RHSA-2023:4175) Moderate: java-11-openjdk security and bug fix update
2023-07-20 11:24:08
(RHSA-2023:4163) Moderate: java-11-openjdk security and bug fix update
2023-07-19 16:37:24
redhatcve
redhatcve
CVE-2023-25193
2023-02-06 04:26:12
veracode
veracode
Denial Of Service (DoS)
2023-02-09 17:06:41
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0339
2023-02-23 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0538
2023-02-26 00:00:00
ibm
ibm
gentoo
gentoo
HarfBuzz: Denial of Service
2024-07-10 00:00:00
ubuntu
ubuntu
OpenJDK 20 vulnerabilities
2023-08-03 00:00:00
OpenJDK regression
2023-08-30 00:00:00
OpenJDK vulnerabilities
2023-08-01 00:00:00
kaspersky
kaspersky
KLA51006 Multiple vulnerabilities in Oracle Java SE and GraalVM
2023-07-18 00:00:00
mageia
mageia
Updated java packages fix security vulnerabilities
2023-09-30 22:15:40
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.8
Confidence
High
EPSS
0.003
Percentile
68.2%
Related for RHSA-2024:2410