OSV-2023-323

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2023-323.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2023-323
Published
2023-04-17T14:02:31.782283Z
Modified
2023-04-17T14:02:31.782535Z
Summary
Heap-buffer-overflow in OT::glyf_impl::SubsetGlyph::serialize
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58071

Crash type: Heap-buffer-overflow WRITE 2
Crash state:
OT::glyf_impl::SubsetGlyph::serialize
OT::glyf::subset
bool _try_subset<OT::glyf>
References

Affected packages

OSS-Fuzz / harfbuzz

Package

Name
harfbuzz
Purl
pkg:generic/harfbuzz

Affected ranges

Type
GIT
Repo
https://github.com/harfbuzz/harfbuzz.git
Events
Introduced
c0fac016dc017596e2d979e19e1eb8f88df38ea3
Fixed
647b024784e1346f6886565f570cdf940d7b82b4

Affected versions

7.*

7.1.0

Ecosystem specific 

{
    "severity": "HIGH"
}