A vulnerability has been discovered in HarfBuzz, which can lead to a denial of service.
Package | media-libs/harfbuzz on all architectures |
---|---|
Affected versions | < 7.1.0 |
Unaffected versions | >= 7.1.0 |
HarfBuzz is an OpenType text shaping engine.
Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details.
hb-ot-layout-gsubgpos.hh in HarfBuzz allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
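The quadratic growth described above can be seen in a simplified model, added here as an example; it is not HarfBuzz code and not the upstream patch. The glyph run is reduced to an array of mark/base flags, and all function names are hypothetical. The second function carries the most recent base index forward, which is an assumed mitigation pattern.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NO_BASE (-1L)

/* Look back from every mark until a non-mark (base) glyph is found.
 * Returns the number of glyphs inspected. */
unsigned long long attach_lookback(const bool *is_mark, size_t n, long *base_of)
{
    unsigned long long inspected = 0;
    for (size_t i = 0; i < n; i++) {
        base_of[i] = NO_BASE;
        if (!is_mark[i])
            continue;
        for (size_t j = i; j-- > 0;) {
            inspected++;
            if (!is_mark[j]) { base_of[i] = (long)j; break; }
        }
    }
    return inspected;
}

/* Same attachment result, but the last base index is remembered,
 * so each mark costs one step regardless of how many marks precede it. */
unsigned long long attach_cached(const bool *is_mark, size_t n, long *base_of)
{
    unsigned long long inspected = 0;
    long last_base = NO_BASE;
    for (size_t i = 0; i < n; i++) {
        base_of[i] = NO_BASE;
        if (!is_mark[i]) { last_base = (long)i; continue; }
        inspected++;
        base_of[i] = last_base;
    }
    return inspected;
}

/* Constructed input: one base glyph followed by `marks` consecutive marks.
 * The buffer must hold marks + 1 entries. */
void build_run(bool *is_mark, size_t marks)
{
    is_mark[0] = false;
    for (size_t i = 1; i <= marks; i++)
        is_mark[i] = true;
}

int main(void)
{
    enum { MARKS = 4000 };
    static bool run[MARKS + 1];
    static long a[MARKS + 1], b[MARKS + 1];
    build_run(run, MARKS);
    printf("look-back: %llu, cached: %llu\n",
           attach_lookback(run, MARKS + 1, a), attach_cached(run, MARKS + 1, b));
    return 0;
}
```

Doubling the number of consecutive marks roughly quadruples the look-back count, while the cached count only doubles.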
There is no known workaround at this time.
All HarfBuzz users should upgrade to the latest version:
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/harfbuzz-7.1.0"
```
Release date: July 10, 2024
Latest revision: July 10, 2024: 1
Severity: normal
Exploitable: local
Bugzilla entries