https://bugzilla.redhat.com/show_bug.cgi?id=2102608
Bug ID: 2102608
Summary: CVE-2022-33068 VUL-0: CVE-2022-33068: harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: mrehak@redhat.com
CC: caswilli@redhat.com, dffrench@redhat.com, eng-i18n-bugs@redhat.com, erik-fedora@vanpienbroek.nl, gzaronik@redhat.com, i18n-bugs@lists.fedoraproject.org, jburrell@redhat.com, jwong@redhat.com, kaycoth@redhat.com, klember@redhat.com, kshier@redhat.com, manisandro@gmail.com, moceap@hotmail.com, ngough@redhat.com, pnemade@redhat.com, psatpute@redhat.com, rgodfrey@redhat.com, rh-spice-bugs@redhat.com, tuxator@o2.pl
Target Milestone: ---
Classification: Other
An integer overflow in the component hb-ot-shape-fallback.cc allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Reference:
https://github.com/harfbuzz/harfbuzz/issues/3557
https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9...
Marian Rehak mrehak@redhat.com changed:
What       | Removed | Added
-----------+---------+------------------
Blocks     |         | 2102612
Depends On |         | 2102610, 2102611
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2102610
[Bug 2102610] CVE-2022-33068 harfbuzz: VUL-0: CVE-2022-33068: harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2102611
[Bug 2102611] CVE-2022-33068 mingw-harfbuzz: VUL-0: CVE-2022-33068: harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc [fedora-all]
--- Comment #1 from Marian Rehak mrehak@redhat.com --- Created harfbuzz tracking bugs for this issue:
Affects: fedora-all [bug 2102610]
Created mingw-harfbuzz tracking bugs for this issue:
Affects: fedora-all [bug 2102611]
Sandipan Roy saroy@redhat.com changed:
What    | Removed                                                                                                   | Added
--------+-----------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------
Summary | CVE-2022-33068 VUL-0: CVE-2022-33068: harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc | CVE-2022-33068 harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc
juneau@redhat.com changed:
What       | Removed | Added
-----------+---------+--------
Depends On |         | 2102746
Sandipan Roy saroy@redhat.com changed:
What       | Removed | Added
-----------+---------+---------------------------
Depends On |         | 2103848, 2103849, 2103850
--- Doc Text *updated* by Sandipan Roy saroy@redhat.com --- A vulnerability was found in harfbuzz. Through this flaw, an integer overflow in the component hb-ot-shape-fallback.cc allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
--- Doc Text *updated* by RaTasha Tillery-Smith rtillery@redhat.com --- A vulnerability was found in harfbuzz. An integer overflow in the hb-ot-shape-fallback.cc component allows attackers to cause a denial of service (DoS) via unspecified vectors.
Bug 2102608 depends on bug 2102610, which changed state.
Bug 2102610 Summary: CVE-2022-33068 harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2102610
What       | Removed | Added
-----------+---------+--------
Status     | ON_QA   | CLOSED
Resolution | ---     | ERRATA
Bug 2102608 depends on bug 2102611, which changed state.
Bug 2102611 Summary: CVE-2022-33068 mingw-harfbuzz: harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2102611
What       | Removed | Added
-----------+---------+--------
Status     | ON_QA   | CLOSED
Resolution | ---     | ERRATA
Sandipan Roy saroy@redhat.com changed:
What       | Removed | Added
-----------+---------+---------------------------
Depends On |         | 2130150, 2130151, 2130149
Andrew John Hughes ahughes@redhat.com changed:
What  | Removed | Added
------+---------+----------------------------
Flags |         | needinfo?(saroy@redhat.com)
CC    |         | saroy@redhat.com
Andrew John Hughes ahughes@redhat.com changed:
What       | Removed | Added
-----------+---------+--------
Depends On |         | 2133727
Andrew John Hughes ahughes@redhat.com changed:
What       | Removed | Added
-----------+---------+--------
Depends On |         | 2133721
Andrew John Hughes ahughes@redhat.com changed:
What       | Removed | Added
-----------+---------+--------
Depends On |         | 2133718
Sandipan Roy saroy@redhat.com changed:
What  | Removed                     | Added
------+-----------------------------+------
Flags | needinfo?(saroy@redhat.com) |
--- Comment #7 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2022:8384 https://access.redhat.com/errata/RHSA-2022:8384
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What    | Removed | Added
--------+---------+---------------------------------------
Link ID |         | Red Hat Product Errata RHSA-2022:8384
--- Comment #8 from Product Security DevOps Team prodsec-dev@redhat.com --- This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-33068
Product Security DevOps Team prodsec-dev@redhat.com changed:
What        | Removed | Added
------------+---------+--------------------
Status      | NEW     | CLOSED
Resolution  | ---     | ERRATA
Last Closed |         | 2022-12-05 22:24:42