CVE-2024-56732

Name
CVE-2024-56732
Description
HarfBuzz is a text shaping engine. Versions 8.5.0 through 10.0.1 contain a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.
NVD Severity
high

References

| Type | URI |
| MISC | https://github.com/harfbuzz/harfbuzz/commit/1767f99e2e2196c3fcae27db6d8b60098d3f6d26 |
| CONFIRM | https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-qmp9-xqm5-jh6m |

Match rules

| CPE URI | Source package | Min version | Max version |
| | harfbuzz | >= 8.5.0 | <= 10.0.1 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| harfbuzz | edge-main | 9.0.0-r1 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |