UbuntuUpdates.org

Package "libharfbuzz-icu0"

Name: libharfbuzz-icu0

Description:

OpenType text shaping engine ICU backend
Latest version: 2.7.4-1ubuntu3.2
Release: jammy (22.04)
Level: updates
Repository: main
Head package: harfbuzz
Homepage: https://www.freedesktop.org/wiki/Software/HarfBuzz

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libharfbuzz-icu0"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libharfbuzz-icu0" in Jammy

Repository Area Version
base main 2.7.4-1ubuntu3
security main 2.7.4-1ubuntu3.2

Changelog

Version: 2.7.4-1ubuntu3.2 2025-02-03 18:06:59 UTC

  harfbuzz (2.7.4-1ubuntu3.2) jammy-security; urgency=medium

  * SECURITY UPDATE: resource consumption via consecutive marks
    - debian/patches/CVE-2023-25193-pre1.patch: refactor
      skippy_iter.match() in src/hb-ot-layout-gsubgpos.hh.
    - debian/patches/CVE-2023-25193-1.patch: avoid O(n^2) behavior in
      mark-attachment in src/hb-ot-layout-gsubgpos.hh,
      src/hb-ot-layout-gpos-table.hh.
    - debian/patches/CVE-2023-25193-2.patch: optimize
      _infos_set_glyph_flags to avoid O(n^2) behavior in src/hb-buffer.hh.
    - debian/patches/CVE-2023-25193-3.patch: fix up previous commit in
      src/hb-buffer.hh.
    - debian/patches/CVE-2023-25193-4.patch: fix assert fail introduced
      recently in src/hb-ot-layout-gpos-table.hh.
    - CVE-2023-25193

 -- Marc Deslauriers <email address hidden> Thu, 30 Jan 2025 13:07:47 -0500
Source diff to previous version
CVE-2023-25193 hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back

Version: 2.7.4-1ubuntu3.1 2022-07-19 15:06:24 UTC

  harfbuzz (2.7.4-1ubuntu3.1) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via integer overflow
    - debian/patches/CVE-2022-33068-1.patch: limit glyph extents in
      src/hb-ot-color-sbix-table.hh.
    - debian/patches/CVE-2022-33068-2.patch: fix conditional in
      src/hb-ot-color-sbix-table.hh.
    - CVE-2022-33068

 -- Marc Deslauriers <email address hidden> Wed, 13 Jul 2022 12:40:13 -0400
CVE-2022-33068 An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified v


About   -   Send Feedback to @ubuntu_updates