Harfbuzz
CVE-2015-8947
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Lifecycle Timeline
1DescriptionCVE.org
hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.
AnalysisAI
hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052. Affected products include: Harfbuzz Project Harfbuzz. Version information: before 1.0.5.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Se
HarfBuzz is a text shaping engine. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no au
HarfBuzz text shaping engine versions prior to 12.3.0 crash when the SubtableUnicodesCache::create function attempts to
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attac
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks durin
Same weakness CWE-119 – Buffer Overflow
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today