OSV-2021-909

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2021-909.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-909
Published
2021-07-01T00:00:58.474357Z
Modified
2022-04-13T03:04:32.830977Z
Summary
Heap-buffer-overflow in OT::CPALV1Tail::serialize
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35672

Crash type: Heap-buffer-overflow READ 2
Crash state:
OT::CPALV1Tail::serialize
OT::CPAL::subset
bool _try_subset<OT::CPAL>
References

Affected packages

OSS-Fuzz / harfbuzz

Package

Name
harfbuzz
Purl
pkg:generic/harfbuzz

Affected ranges

Type
GIT
Repo
https://github.com/harfbuzz/harfbuzz.git
Events
Introduced
f739e1dc6a875d092d94bcc906d1604887729eac
Fixed
7416faceeb7a875ba7316cee124edee2d59ea8d0

Ecosystem specific 

{
    "severity": "MEDIUM"
}