OESA-2025-1009
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1009
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2025-1009.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2025-1009
- Upstream
- Published
- 2025-01-03T12:54:31Z
- Modified
- 2025-09-03T06:20:40.721323Z
- Summary
- harfbuzz security update
- Details
-
HarfBuzz is a text-shaping engine. If you give HarfBuzz a font and a string containing a sequence of Unicode codepoints, HarfBuzz selects and positions the corresponding glyphs from the font, applying all of the necessary layout rules and font features. HarfBuzz then returns the string to you in the form that is correctly arranged for the language and writing system.
Security Fix(es):
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hbcairoglyphsfrombuffer function.(CVE-2024-56732)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:24.03-LTS / harfbuzz
Package
- Name
- harfbuzz
- Purl
- pkg:rpm/openEuler/harfbuzz&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.3.0-2.oe2403
Ecosystem specific
{
"noarch": [
"harfbuzz-help-8.3.0-2.oe2403.noarch.rpm"
],
"x86_64": [
"harfbuzz-8.3.0-2.oe2403.x86_64.rpm",
"harfbuzz-debuginfo-8.3.0-2.oe2403.x86_64.rpm",
"harfbuzz-debugsource-8.3.0-2.oe2403.x86_64.rpm",
"harfbuzz-devel-8.3.0-2.oe2403.x86_64.rpm"
],
"src": [
"harfbuzz-8.3.0-2.oe2403.src.rpm"
],
"aarch64": [
"harfbuzz-8.3.0-2.oe2403.aarch64.rpm",
"harfbuzz-debuginfo-8.3.0-2.oe2403.aarch64.rpm",
"harfbuzz-debugsource-8.3.0-2.oe2403.aarch64.rpm",
"harfbuzz-devel-8.3.0-2.oe2403.aarch64.rpm"
]
}