PT-2023-5503 · Harfbuzz+11

Published: 2023-02-04 · Updated: 2026-05-08 · CVE-2023-25193

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: HarfBuzz versions through 6.0.0

Description: The issue is in the hb-ot-layout-gsubgpos.hh component of HarfBuzz. When attaching marks, the code looks back for base glyphs, and a run of consecutive marks allows attackers to trigger O(n^2) growth during that lookback. This can lead to a denial of service. The vulnerability is associated with uncontrolled resource allocation.

Recommendations: For HarfBuzz versions through 6.0.0, there is currently no information about a newer version that contains a fix for this vulnerability.

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

ALSA-2023:4158
ALSA-2023:4159
ALSA-2023:4175
ALSA-2023:4177
ALSA-2024:2410
ALSA-2024:2980
ALT-PU-2023-8475
ALT-PU-2023-8476
ALT-PU-2023-8478
ALT-PU-2023-8479
ALT-PU-2023-8480
ALT-PU-2023-8481
ALT-PU-2024-17585
ALT-PU-2024-17593
ALT-PU-2024-8924
AZL-13303
BDU:2023-06149
BIT-JAVA-2023-25193
BIT-JAVA-MIN-2023-25193
BIT-JRE-2023-25193
CESA-2023_4159
CESA-2023_4175
CESA-2024_2980
CVE-2023-25193
ECHO-4F23-7A7E-C10A
INFSA-2024_2410
INFSA-2024_2980
MGASA-2023-0272
OESA-2023-1083
OESA-2023-1111
OPENSUSE-SU-2023_3023-1
OPENSUSE-SU-2023_3287-1
OPENSUSE-SU-2023_3441-1
OPENSUSE-SU-2024:12660-1
OPENSUSE-SU-2024:13075-1
OPENSUSE-SU-2024:13076-1
OPENSUSE-SU-2024:13131-1
OPENSUSE-SU-2025:0066-1
OPENSUSE-SU-2025:0067-1
RHSA-2023:4157
RHSA-2023:4158
RHSA-2023:4159
RHSA-2023:4162
RHSA-2023:4163
RHSA-2023:4164
RHSA-2023:4165
RHSA-2023:4169
RHSA-2023:4170
RHSA-2023:4171
RHSA-2023:4175
RHSA-2023:4177
RHSA-2023:4233
RHSA-2023_4158
RHSA-2023_4159
RHSA-2023_4175
RHSA-2023_4177
RHSA-2023_4233
RHSA-2024:2410
RHSA-2024:2980
RHSA-2024_2410
RHSA-2024_2980
SUSE-SU-2023:1820-1
SUSE-SU-2023:1821-1
SUSE-SU-2023:1822-1
SUSE-SU-2023:1852-1
SUSE-SU-2023:2990-1
SUSE-SU-2023:3023-1
SUSE-SU-2023:3287-1
SUSE-SU-2023:3406-1
SUSE-SU-2023:3441-1
SUSE-SU-2023_1820-1
SUSE-SU-2023_1821-1
SUSE-SU-2023_1822-1
SUSE-SU-2023_1852-1
SUSE-SU-2023_2990-1
SUSE-SU-2023_3023-1
USN-6263-1
USN-6263-2
USN-6272-1
USN-7251-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Harfbuzz
Java Platform
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu