Harfbuzz
1 CVEs
product
Monthly
HarfBuzz text shaping engine versions prior to 12.3.0 crash when the SubtableUnicodesCache::create function attempts to dereference a null pointer returned by failed memory allocation, enabling denial of service in applications processing untrusted font data. Public exploit code exists for this vulnerability. A patch is available in version 12.3.0 and later.
Null Pointer Dereference
Harfbuzz
Redhat
Suse
NVD
GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-22693
EPSS 0%
CVSS 5.3
MEDIUM
POC
PATCH
This Month
HarfBuzz text shaping engine versions prior to 12.3.0 crash when the SubtableUnicodesCache::create function attempts to dereference a null pointer returned by failed memory allocation, enabling denial of service in applications processing untrusted font data. Public exploit code exists for this vulnerability. A patch is available in version 12.3.0 and later.
Null Pointer Dereference
Harfbuzz
Redhat
+1
NVD
GitHub