OSV-2023-27

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2023-27.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2023-27

Published

2023-01-23T13:01:48.208593Z

Modified

2023-01-23T13:01:48.208833Z

Summary

Heap-buffer-overflow in OT::Layout::GPOS_impl::PairSet<OT::Layout::MediumTypes>::apply

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55287

Crash type: Heap-buffer-overflow READ 1
Crash state:
OT::Layout::GPOS_impl::PairSet<OT::Layout::MediumTypes>::apply
OT::Layout::GPOS_impl::PairPosFormat1_3<OT::Layout::MediumTypes>::apply
bool OT::hb_accelerate_subtables_context_t::apply_to&lt;OT::Layout::GPOS_impl::Pair

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55287

Affected packages

OSS-Fuzz / harfbuzz

Package

Name: harfbuzz
Purl: pkg:generic/harfbuzz

Affected ranges

Type: GIT
Repo: https://github.com/harfbuzz/harfbuzz.git
Events: Introduced

af450a757d8471e55b71d1f3eb3c1e1fd3390d7b

Fixed

b63159e8bf579345a6f56d04ad1b2c28eee66bac

Affected versions

6.*

6.0.0

Ecosystem specific

{
    "severity": "MEDIUM"
}