CVE-2024-56732

Published: Dec 27, 2024

Modified: Dec 28, 2024

PUBLISHED

Description

HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.

Vendor	Product	Versions
harfbuzz	harfbuzz	affected `>= 8.5.0, <= 10.0.1`

Weaknesses (CWE)

CWE-122

References

https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-qmp9-xqm5-jh6m

x_refsource_CONFIRM

https://github.com/harfbuzz/harfbuzz/commit/1767f99e2e2196c3fcae27db6d8b60098d3f6d26

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-56732

Description

Affected Products

Weaknesses (CWE)

References