HarfBuzz: Denial of Service

A vulnerability has been discovered in HarfBuzz, which can lead to a denial of service.

harfbuzz 2024-07-10 2024-07-10 905310 local 7.1.0 7.1.0

HarfBuzz is an OpenType text shaping engine.

Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details.

hb-ot-layout-gsubgpos.hh in HarfBuzz allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
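
The cost pattern described above, as an added example that is not HarfBuzz code: a simplified model in which each mark scans backwards for its base, so a run of n consecutive marks visits n(n+1)/2 glyphs. The function names, the glyph model and the cached variant are assumptions made for illustration and do not describe the upstream fix.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model, not HarfBuzz code: a buffer holds only glyph classes. */
enum glyph_class { BASE, MARK };

/* Naive lookback: every mark walks backwards until it meets a base.
 * Stores the base index per glyph (-1 if none); returns glyphs visited. */
unsigned long long attach_naive(const enum glyph_class *g, size_t n, long *base_of)
{
    unsigned long long visited = 0;
    for (size_t i = 0; i < n; i++) {
        base_of[i] = -1;
        if (g[i] != MARK) continue;
        for (size_t j = i; j-- > 0; ) {
            visited++;
            if (g[j] == BASE) { base_of[i] = (long)j; break; }
        }
    }
    return visited;
}

/* Linear variant (illustrative): carry the most recent base forward
 * instead of rescanning the preceding marks. */
unsigned long long attach_cached(const enum glyph_class *g, size_t n, long *base_of)
{
    unsigned long long visited = 0;
    long last_base = -1;
    for (size_t i = 0; i < n; i++) {
        base_of[i] = -1;
        if (g[i] == BASE) { last_base = (long)i; continue; }
        visited++;                     /* one lookup per mark */
        base_of[i] = last_base;
    }
    return visited;
}

int main(void)
{
    enum { MAX = 8001 };               /* constructed input: one base, then marks */
    static enum glyph_class g[MAX];    /* zero-initialised, so g[0] is BASE */
    static long base_of[MAX];
    for (size_t i = 1; i < MAX; i++) g[i] = MARK;
    for (size_t n = 1001; n <= MAX; n = 2 * n - 1)
        printf("%zu marks: naive=%llu cached=%llu\n", n - 1,
               attach_naive(g, n, base_of), attach_cached(g, n, base_of));
    return 0;
}
```

Doubling the number of consecutive marks roughly quadruples the naive count while the cached count only doubles, which is the growth a denial-of-service input relies on.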

There is no known workaround at this time.

All HarfBuzz users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/harfbuzz-7.1.0"

CVE-2023-22006
CVE-2023-22036
CVE-2023-22041
CVE-2023-22044
CVE-2023-22045
CVE-2023-22049
CVE-2023-25193

graaff graaff