CNNVD-202601-1735 Information
CNNVD ID
CNNVD-202601-1735
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
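HarfBuzz is an open-source text engine for OpenType fonts from the HarfBuzz project. Versions of HarfBuzz before 12.3.0 contain a security vulnerability. It arises because the SubtableUnicodesCache::create function does not check the return value of hb_malloc, which may lead to a null pointer dereference and a segmentation violation.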
Description (English)
HarfBuzz is a text engine for OpenType fonts, developed as open source by the HarfBuzz project. A security vulnerability exists in HarfBuzz versions prior to 12.3.0: the SubtableUnicodesCache::create function does not check the return value of hb_malloc, which can result in a null pointer dereference and a segmentation violation.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
HarfBuzz
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/harfbuzz/harfbuzz/commit/1265ff8d990284f04d8768f35b0e20ae5f60daae
https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww
http://www.openwall.com/lists/oss-security/2026/01/11/1
Patch
https://github.com/harfbuzz/harfbuzz/releases