HarfBuzz: Multiple vulnerabilities — GLSA 201701-76

Multiple vulnerabilities have been found in HarfBuzz, the worst of which could allow remote attackers to cause a Denial of Service condition.

Affected packages

media-libs/harfbuzz on all architectures
Affected versions < 1.0.6
Unaffected versions >= 1.0.6

Background

HarfBuzz is an OpenType text shaping engine.

Description

Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details.

Impact

Remote attackers, through the use of crafted data, could cause a Denial of Service condition or have other unspecified impacts.

Workaround

There is no known workaround at this time.

Resolution

All HarfBuzz users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/harfbuzz-1.0.6"
 

References

Release date
January 31, 2017

Latest revision
January 31, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries