CVE-2024-56732 Information

Description

HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1 there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.

Reference

https://github.com/harfbuzz/harfbuzz/commit/1767f99e2e2196c3fcae27db6d8b60098d3f6d26 https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-qmp9-xqm5-jh6m