Bug 2167254 (CVE-2023-25193) - CVE-2023-25193 harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks
Summary: CVE-2023-25193 harfbuzz: allows attackers to trigger O(n^2) growth via consec...
Keywords:
Status: NEW
Alias: CVE-2023-25193
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: Red Hat 2168528, 2167630, 2167631, 2167632, Red Hat 2168527, Red Hat 2168529, 2173489
Blocks: Embargoed 2167255
 
Reported: 2023-02-06 04:22 UTC by Sandipan Roy
Modified: 2023-02-27 15:03 UTC

Fixed In Version: harfbuzz 7.0.0
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
Clone Of:
Environment:
Last Closed:



Description Sandipan Roy 2023-02-06 04:22:23 UTC
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc
https://github.com/harfbuzz/harfbuzz/blob/2822b589bc837fae6f66233e2cf2eef0f6ce8470/src/hb-ot-layout-gsubgpos.hh
https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361

Comment 1 Sandipan Roy 2023-02-07 06:25:08 UTC
Created chromium tracking bugs for this issue:

Affects: fedora-all [bug 2167630]


Created harfbuzz tracking bugs for this issue:

Affects: fedora-all [bug 2167631]


Created mingw-harfbuzz tracking bugs for this issue:

Affects: fedora-all [bug 2167632]

Comment 4 TEJ RATHI 2023-02-27 05:07:39 UTC
Created chromium tracking bugs for this issue:

Affects: epel-8 [bug 2173489]

