vulnerability
Amazon Linux 2023: CVE-2021-45931: Medium priority package update for harfbuzz
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | 2022-01-01 | 2025-02-17 | 2025-02-17 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
2022-01-01
Added
2025-02-17
Modified
2025-02-17
Description
HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).
An out-of-bounds write flaw was found in HarfBuzz, arising from a boundary error in the hb_bit_set_invertible_t::set() function when processing untrusted input. This flaw allows an attacker to create a specially crafted file, convince the victim to open it, and trigger an out-of-bounds write. In some cases, this issue could lead to the execution of arbitrary code on the target system or, more commonly, result in a denial of service attack.
An out-of-bounds write flaw was found in HarfBuzz, arising from a boundary error in the hb_bit_set_invertible_t::set() function when processing untrusted input. This flaw allows an attacker to create a specially crafted file, convince the victim to open it, and trigger an out-of-bounds write. In some cases, this issue could lead to the execution of arbitrary code on the target system or, more commonly, result in a denial of service attack.
Solution(s)
amazon-linux-2023-upgrade-harfbuzzamazon-linux-2023-upgrade-harfbuzz-debuginfoamazon-linux-2023-upgrade-harfbuzz-debugsourceamazon-linux-2023-upgrade-harfbuzz-develamazon-linux-2023-upgrade-harfbuzz-devel-debuginfoamazon-linux-2023-upgrade-harfbuzz-icuamazon-linux-2023-upgrade-harfbuzz-icu-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.