CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Percentile: 68.2%

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to
trigger O(n^2) growth via consecutive marks during the process of looking
back for base glyphs when attaching marks.
Author | Note |
---|---|
rodrigo-zaiden | Commit 85be877925ddbf34f74a1229f3ca1716bb6170dc, which was claimed to fix the issue, got reverted in commit 661050b4659ee490dfe622821bc7fde7d1c40510; there are comments on the first discussing possible regressions. Instead, the commits listed in the patches section seem to properly fix the issue. For commit 30b84faba, _infos_set_glyph_flags() can be found as _unsafe_to_break_set_mask() for versions prior to 3.3.0, down to version 1.5.0, where the latter was added. GPOS lookups (src/OT/Layout/GPOS) moved to the current code baseline in version 4.4.1; before it, some of the methods can be found in src/hb-ot-layout-gsubgpos.hh. Releases prior to bionic do not have any of the code being fixed. Bionic itself could be patched with some of the commits, but not all. A careful check seems necessary to evaluate if it is really possible to fix it. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | harfbuzz | < any | UNKNOWN |
ubuntu | 20.04 | noarch | harfbuzz | < any | UNKNOWN |
ubuntu | 22.04 | noarch | harfbuzz | < any | UNKNOWN |
ubuntu | 24.04 | noarch | harfbuzz | < any | UNKNOWN |
ubuntu | 18.04 | noarch | openjdk-17 | < 17.0.8+7-1~18.04 | UNKNOWN |
ubuntu | 20.04 | noarch | openjdk-17 | < 17.0.8+7-1~20.04.2 | UNKNOWN |
ubuntu | 22.04 | noarch | openjdk-17 | < 17.0.8+7-1~22.04 | UNKNOWN |
ubuntu | 23.04 | noarch | openjdk-17 | < 17.0.8+7-1~23.04 | UNKNOWN |
ubuntu | 23.04 | noarch | openjdk-20 | < 20.0.2+9+ds1-0ubuntu1~23.04 | UNKNOWN |
ubuntu | 20.04 | noarch | openjdk-21 | < 21.0.1+12-2~20.04 | UNKNOWN |
chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361
github.com/harfbuzz/harfbuzz/blob/2822b589bc837fae6f66233e2cf2eef0f6ce8470/src/hb-ot-layout-gsubgpos.hh
github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc (reverted)
launchpad.net/bugs/cve/CVE-2023-25193
nvd.nist.gov/vuln/detail/CVE-2023-25193
security-tracker.debian.org/tracker/CVE-2023-25193
ubuntu.com/security/notices/USN-6263-1
ubuntu.com/security/notices/USN-6272-1
www.cve.org/CVERecord?id=CVE-2023-25193