OSV-2023-930

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2023-930.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2023-930
Published
2023-09-29T14:02:21.147998Z
Modified
2023-09-29T14:02:21.148306Z
Summary
Heap-buffer-overflow in OT::cvar::decompile_tuple_variations
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62774

Crash type: Heap-buffer-overflow READ 2
Crash state:
OT::cvar::decompile_tuple_variations
OT::cvar::subset
bool _try_subset<OT::cvar>
References

Affected packages

OSS-Fuzz / harfbuzz

Package

Name
harfbuzz
Purl
pkg:generic/harfbuzz

Affected ranges

Type
GIT
Repo
https://github.com/harfbuzz/harfbuzz.git
Events
Introduced
0065658e96c79f8b51c2a702908e84d9d23e0971
Fixed
9ceb800ac26fd81a5eaf27ef366d5fce47e80447

Affected versions

8.*

8.2.0
8.2.1

Ecosystem specific 

{
    "severity": "HIGH"
}