OSV-2026-53

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2026-53.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2026-53

Published

2026-01-15T00:16:26.117926Z

Modified

2026-01-15T00:16:26.118291Z

Summary

Heap-use-after-free in graph::LigatureSubstFormat1::shrink

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=475607265

Crash type: Heap-use-after-free READ 8
Crash state:
graph::LigatureSubstFormat1::shrink
graph::LigatureSubstFormat1::split_context_t::shrink
hb_vector_t<unsigned int, false> graph::actuate_subtable_split<graph::LigatureSu

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=475607265

Affected packages

OSS-Fuzz / harfbuzz

Package

Name: harfbuzz
Purl: pkg:generic/harfbuzz

Affected ranges

Type: GIT
Repo: https://github.com/harfbuzz/harfbuzz.git
Events: Introduced

babdb46be3f28b838b66979e5d1a6ca8d80211ec

Fixed

b17fa8ef39b0e8ea3851d43625f366860750e385

Affected versions

12.*

12.3.0

12.3.1

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2026-53.yaml"