ГлавнаяУязвимости → CVE-2024-56732
8.8высокая

CVE-2024-56732

→ есть в БДУ: BDU:2025-03336 (на русском)
Описание (на английском; русское — в БДУ выше)

HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.

Затрагиваемое ПО
Harfbuzz project Harfbuzz
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://github.com/harfbuzz/harfbuzz/commit/1767f99e2e2196c3fcae27db6d8b60098d3f6d26https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-qmp9-xqm5-jh6m