Home

CVE-2022-33068

Description

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.139

Associated Vulnerability

VulnerabilityOS Platform
OpenType text shaping engine (USN-5524-1) libharfbuzz0b_2.6.4-1ubuntu4.2_i386.debLinux
OpenType text shaping engine (USN-5524-1) libharfbuzz0b_2.6.4-1ubuntu4.2_amd64.debLinux
OpenType text shaping engine (USN-5524-1) libharfbuzz0b_2.7.4-1ubuntu3.1_i386.debLinux
OpenType text shaping engine (USN-5524-1) libharfbuzz0b_2.7.4-1ubuntu3.1_amd64.debLinux
(RHSA-2022:8384) harfbuzz security update harfbuzz-2.7.4-8.el9.i686.rpmLinux
(RHSA-2022:8384) harfbuzz security update harfbuzz-2.7.4-8.el9.x86_64.rpmLinux
(RHSA-2022:8384) harfbuzz security update harfbuzz-debugsource-2.7.4-8.el9.i686.rpmLinux
(RHSA-2022:8384) harfbuzz security update harfbuzz-debugsource-2.7.4-8.el9.x86_64.rpmLinux
(RHSA-2022:8384) harfbuzz security update harfbuzz-devel-2.7.4-8.el9.i686.rpmLinux
(RHSA-2022:8384) harfbuzz security update harfbuzz-devel-2.7.4-8.el9.x86_64.rpmLinux
(RHSA-2022:8384) harfbuzz security update harfbuzz-icu-2.7.4-8.el9.i686.rpmLinux
(RHSA-2022:8384) harfbuzz security update harfbuzz-icu-2.7.4-8.el9.x86_64.rpmLinux
harfbuzz security update (RLSA-2022:8384) harfbuzz-2.7.4-8.el9.i686.rpmLinux
harfbuzz security update (RLSA-2022:8384) harfbuzz-2.7.4-8.el9.x86_64.rpmLinux
harfbuzz security update (RLSA-2022:8384) harfbuzz-icu-2.7.4-8.el9.i686.rpmLinux
harfbuzz security update (RLSA-2022:8384) harfbuzz-icu-2.7.4-8.el9.x86_64.rpmLinux
harfbuzz security update (RLSA-2022:8384) harfbuzz-devel-2.7.4-8.el9.i686.rpmLinux
harfbuzz security update (RLSA-2022:8384) harfbuzz-devel-2.7.4-8.el9.x86_64.rpmLinux
SUSE-SU-2022:2663-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libharfbuzz0-2.6.4-150200.3.3.1.x86_64.rpmLinux
SUSE-SU-2022:2663-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) harfbuzz-devel-2.6.4-150200.3.3.1.x86_64.rpmLinux
SUSE-SU-2022:2663-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libharfbuzz-icu0-2.6.4-150200.3.3.1.x86_64.rpmLinux
SUSE-SU-2022:2663-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libharfbuzz0-32bit-2.6.4-150200.3.3.1.x86_64.rpmLinux
SUSE-SU-2022:2663-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libharfbuzz-subset0-2.6.4-150200.3.3.1.x86_64.rpmLinux
SUSE-SU-2022:2663-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libharfbuzz-gobject0-2.6.4-150200.3.3.1.x86_64.rpmLinux
SUSE-SU-2022:2663-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.3.1.x86_64.rpmLinux
Harfbuzz update (ELSA-2022-8384) harfbuzz-2.7.4-8.el9.i686.rpmLinux
Harfbuzz update (ELSA-2022-8384) harfbuzz-2.7.4-8.el9.x86_64.rpmLinux
Harfbuzz-devel update (ELSA-2022-8384) harfbuzz-devel-2.7.4-8.el9.i686.rpmLinux
Harfbuzz-devel update (ELSA-2022-8384) harfbuzz-devel-2.7.4-8.el9.x86_64.rpmLinux
Harfbuzz-icu update (ELSA-2022-8384) harfbuzz-icu-2.7.4-8.el9.i686.rpmLinux
Harfbuzz-icu update (ELSA-2022-8384) harfbuzz-icu-2.7.4-8.el9.x86_64.rpmLinux
harfbuzz Security Update (ALAS-2023-111) harfbuzz-7.0.0-2.amzn2023.0.1.x86_64.rpmLinux
harfbuzz Security Update (ALAS-2023-111) harfbuzz-icu-7.0.0-2.amzn2023.0.1.x86_64.rpmLinux
harfbuzz Security Update (ALAS-2023-111) harfbuzz-devel-7.0.0-2.amzn2023.0.1.x86_64.rpmLinux
harfbuzz Security Update (ALAS2023-2023-111) harfbuzz-7.0.0-2.amzn2023.0.1.x86_64.rpmLinux
harfbuzz Security Update (ALAS2023-2023-111) harfbuzz-devel-7.0.0-2.amzn2023.0.1.x86_64.rpmLinux
harfbuzz Security Update (ALAS2023-2023-111) harfbuzz-icu-7.0.0-2.amzn2023.0.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234