JLSEC-2025-175
- Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-175.md
- Import Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-175.json
- JSON Data
- https://api.osv.dev/v1/vulns/JLSEC-2025-175
- Upstream
- Published
- 2025-10-21T17:24:37.757Z
- Modified
- 2025-11-06T23:03:15.549238Z
- Summary
- hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via con...
- Details
-
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
- Database specific
{ "sources": [ { "modified": "2025-03-25T21:15:41.240Z", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-25193", "imported": "2025-10-21T15:02:12.901Z", "published": "2023-02-04T20:15:08.027Z", "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25193", "id": "CVE-2023-25193" } ], "license": "CC-BY-4.0" }- References
-
- https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361
- https://github.com/harfbuzz/harfbuzz/blob/2822b589bc837fae6f66233e2cf2eef0f6ce8470/src/hb-ot-layout-gsubgpos.hh
- https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWCHWSICWVZSAXP2YAXM65JC2GR53547/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/
- https://security.netapp.com/advisory/ntap-20230725-0006/
Affected packages
Julia / HarfBuzz_jll
Package
- Name
- HarfBuzz_jll
- Purl
- pkg:julia/HarfBuzz_jll?uuid=2e76f6c2-a576-52d4-95c1-20adfe4de566