OESA-2022-1777
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1777
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2022-1777.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2022-1777
- Upstream
- Published
- 2022-07-22T11:04:02Z
- Modified
- 2025-09-03T06:18:18.468142Z
- Summary
- harfbuzz security update
- Details
-
HarfBuzz is a text-shaping engine. If you give HarfBuzz a font and a string containing a sequence of Unicode codepoints, HarfBuzz selects and positions the corresponding glyphs from the font, applying all of the necessary layout rules and font features. HarfBuzz then returns the string to you in the form that is correctly arranged for the language and writing system.
Security Fix(es):
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.(CVE-2022-33068)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:20.03-LTS-SP1 / harfbuzz
Package
- Name
- harfbuzz
- Purl
- pkg:rpm/openEuler/harfbuzz&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.8.1-3.oe1
Ecosystem specific
{
"noarch": [
"harfbuzz-help-2.8.1-3.oe1.noarch.rpm"
],
"src": [
"harfbuzz-2.8.1-3.oe1.src.rpm"
],
"aarch64": [
"harfbuzz-2.8.1-3.oe1.aarch64.rpm",
"harfbuzz-devel-2.8.1-3.oe1.aarch64.rpm",
"harfbuzz-debugsource-2.8.1-3.oe1.aarch64.rpm",
"harfbuzz-debuginfo-2.8.1-3.oe1.aarch64.rpm"
],
"x86_64": [
"harfbuzz-2.8.1-3.oe1.x86_64.rpm",
"harfbuzz-devel-2.8.1-3.oe1.x86_64.rpm",
"harfbuzz-debuginfo-2.8.1-3.oe1.x86_64.rpm",
"harfbuzz-debugsource-2.8.1-3.oe1.x86_64.rpm"
]
}
openEuler:20.03-LTS-SP3 / harfbuzz
Package
- Name
- harfbuzz
- Purl
- pkg:rpm/openEuler/harfbuzz&distro=openEuler-20.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.8.1-3.oe1
Ecosystem specific
{
"noarch": [
"harfbuzz-help-2.8.1-3.oe1.noarch.rpm"
],
"src": [
"harfbuzz-2.8.1-3.oe1.src.rpm"
],
"aarch64": [
"harfbuzz-debugsource-2.8.1-3.oe1.aarch64.rpm",
"harfbuzz-debuginfo-2.8.1-3.oe1.aarch64.rpm",
"harfbuzz-2.8.1-3.oe1.aarch64.rpm",
"harfbuzz-devel-2.8.1-3.oe1.aarch64.rpm"
],
"x86_64": [
"harfbuzz-2.8.1-3.oe1.x86_64.rpm",
"harfbuzz-debugsource-2.8.1-3.oe1.x86_64.rpm",
"harfbuzz-devel-2.8.1-3.oe1.x86_64.rpm",
"harfbuzz-debuginfo-2.8.1-3.oe1.x86_64.rpm"
]
}
openEuler:22.03-LTS / harfbuzz
Package
- Name
- harfbuzz
- Purl
- pkg:rpm/openEuler/harfbuzz&distro=openEuler-22.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.8.2-3.oe2203
Ecosystem specific
{
"noarch": [
"harfbuzz-help-2.8.2-3.oe2203.noarch.rpm"
],
"src": [
"harfbuzz-2.8.2-3.oe2203.src.rpm"
],
"aarch64": [
"harfbuzz-debuginfo-2.8.2-3.oe2203.aarch64.rpm",
"harfbuzz-2.8.2-3.oe2203.aarch64.rpm",
"harfbuzz-debugsource-2.8.2-3.oe2203.aarch64.rpm",
"harfbuzz-devel-2.8.2-3.oe2203.aarch64.rpm"
],
"x86_64": [
"harfbuzz-2.8.2-3.oe2203.x86_64.rpm",
"harfbuzz-debugsource-2.8.2-3.oe2203.x86_64.rpm",
"harfbuzz-devel-2.8.2-3.oe2203.x86_64.rpm",
"harfbuzz-debuginfo-2.8.2-3.oe2203.x86_64.rpm"
]
}