OSV-2023-554

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2023-554.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2023-554

Published

2023-07-10T14:02:00.983105Z

Modified

2023-07-10T14:02:00.983375Z

Summary

Heap-buffer-overflow in OT::CmapSubtable::get_glyph

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60475

Crash type: Heap-buffer-overflow READ 2
Crash state:
OT::CmapSubtable::get_glyph
bool OT::cmap::accelerator_t::get_glyph_from<OT::CmapSubtable>
hb_ot_get_nominal_glyphs

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60475

Affected packages

OSS-Fuzz / harfbuzz

Package

Name: harfbuzz
Purl: pkg:generic/harfbuzz

Affected ranges

Type: GIT
Repo: https://github.com/harfbuzz/harfbuzz.git
Events: Introduced

d84504206c420250bfe80bee25f6a59a7177c9eb

Fixed

f60dbd906a4bf89354af1ed0616a61a5099d8c1a

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2023-554.yaml"