Source: harfbuzz Version: 2.7.4-1 Severity: important Tags: security upstream Forwarded: https://github.com/harfbuzz/harfbuzz/issues/3557 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for harfbuzz. CVE-2022-33068[0]: | An integer overflow in the component hb-ot-shape-fallback.cc of | Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) | via unspecified vectors. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-33068 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33068 [1] https://github.com/harfbuzz/harfbuzz/issues/3557 [2] https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
