PT-2024-37045 · Harfbuzz+2 · Harfbuzz+2

Fizz-Is-On-The-Way

Published

2024-12-27

Updated

2025-02-13

CVE-2024-56732

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions HarfBuzz versions 8.5.0 through 10.0.1

Description HarfBuzz is a text shaping engine. There is a heap-based buffer overflow in the hb cairo glyphs from buffer function. This issue may allow a remote attacker to execute arbitrary code on the target system.

Recommendations For HarfBuzz versions 8.5.0 through 10.0.1, consider disabling the hb cairo glyphs from buffer function until a patch is available. Restrict access to the hb-cairo.cc module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122

Related Identifiers

AZL-54701

AZL-54704

BDU:2025-03336

CVE-2024-56732

GHSA-QMP9-XQM5-JH6M

OESA-2025-1009

OESA-2025-1019

OPENSUSE-SU-2025:14614-1

USN-7214-1

Affected Products

Harfbuzz

Red Os

Ubuntu

PT-2024-37045 · Harfbuzz+2 · Harfbuzz+2

CVE-2024-56732

Weakness Enumeration

Related Identifiers

Affected Products

References · 34