Lucene search
Veracode Vulnerability DatabaseVERACODE:31147HistoryJul 06, 2021 - 9:15 a.m.
Arbitrary Code Execution
2021-07-0609:15:30
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
0.039 Low
EPSS
Percentile
92.0%
harfbuzz is vulnerable to arbitrary code execution. A buffer over-read in hb-ot-layout-gpos-table.hh allows an attacker to cause a denial of service or potentially execute arbitrary code on the host OS.
References
lists.opensuse.org/opensuse-updates/2016-08/msg00070.html
rhn.redhat.com/errata/RHSA-2016-0072.html
www.securityfocus.com/bid/92039
www.ubuntu.com/usn/USN-3067-1
github.com/behdad/harfbuzz/commit/f96664974774bfeb237a7274f512f64aaafb201e
github.com/behdad/harfbuzz/issues/139#issuecomment-146984679
github.com/harfbuzz/harfbuzz/commit/f396fbb000dc1c8acddbf6a16e193b328c5e551e
security.gentoo.org/glsa/201701-76
Related
osv
osv
harfbuzz - security update
2019-12-17 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2040-1)
2019-12-18 00:00:00
Mageia: Security Advisory (MGASA-2016-0264)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-3067-1)
2016-08-25 00:00:00
nessus
nessus
Debian DLA-2040-1 : harfbuzz security update
2019-12-18 00:00:00
openSUSE Security Update : harfbuzz (openSUSE-2016-986)
2016-08-17 00:00:00
GLSA-201701-76 : HarfBuzz: Multiple vulnerabilities
2017-02-01 00:00:00
debian
debian
[SECURITY] [DLA 2040-1] harfbuzz security update
2019-12-17 18:31:04
mageia
mageia
Updated harfbuzz packages fix security vulnerability
2016-07-27 00:59:16
debiancve
debiancve
CVE-2016-2052
2016-01-25 11:59:10
CVE-2015-8947
2016-07-19 10:59:00
nvd
nvd
CVE-2016-2052
2016-01-25 11:59:10
CVE-2015-8947
2016-07-19 10:59:00
cloudfoundry
cloudfoundry
USN-3067-1: HarfBuzz vulnerabilities | Cloud Foundry
2016-12-19 00:00:00
ubuntu
ubuntu
HarfBuzz vulnerabilities
2016-08-24 00:00:00
ubuntucve
ubuntucve
CVE-2015-8947
2016-07-19 00:00:00
CVE-2016-2052
2016-01-25 00:00:00
prion
prion
Design/Logic Flaw
2016-07-19 10:59:00
Buffer overflow
2016-01-25 11:59:00
cvelist
cvelist
CVE-2016-2052
2016-01-25 11:00:00
CVE-2015-8947
2016-07-19 10:00:00
cve
cve
CVE-2016-2052
2016-01-25 11:59:10
CVE-2015-8947
2016-07-19 10:59:00
gentoo
gentoo
HarfBuzz: Multiple vulnerabilities
2017-01-31 00:00:00
redhat
redhat
(RHSA-2016:0072) Important: chromium-browser security update
2016-01-27 00:00:00