OSV-2023-137

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2023-137.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2023-137
Published
2023-03-03T13:00:38.278632Z
Modified
2026-01-21T00:33:41.940724Z
Summary
Heap-buffer-overflow in OT::Layout::Common::Coverage::get_population
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56510

Crash type: Heap-buffer-overflow READ 1
Crash state:
OT::Layout::Common::Coverage::get_population
OT::Layout::GPOS_impl::SinglePosFormat1::sanitize
hb_sanitize_context_t::return_t OT::Layout::GPOS_impl::PosLookupSubTable::dispat
References

Affected packages

OSS-Fuzz / harfbuzz

Package

Name
harfbuzz
Purl
pkg:generic/harfbuzz

Affected ranges

Type
GIT
Repo
https://github.com/harfbuzz/harfbuzz.git
Events

Affected versions

10.*
10.0.0
10.0.1
10.1.0
10.2.0
10.3.0
10.4.0
11.*
11.0.0
11.0.1
11.1.0
11.2.0
11.2.1
11.3.0
11.3.1
11.3.2
11.3.3
11.4.0
11.4.1
11.4.2
11.4.3
11.4.4
11.4.5
11.5.0
11.5.1
12.*
12.0.0
12.1.0
12.2.0
12.3.0
7.*
7.1.0
7.2.0
7.3.0
8.*
8.0.0
8.0.1
8.1.0
8.1.1
8.2.0
8.2.1
8.2.2
8.3.0
8.3.1
8.4.0
8.5.0
9.*
9.0.0

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

source
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2023-137.yaml"