PT-2026-2246 · Harfbuzz+1

Jungwoojjing · Published 2026-01-01 · Updated 2026-03-20 · CVE-2026-22693

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: HarfBuzz versions prior to 12.3.0
Description: HarfBuzz is a text shaping engine. A null pointer dereference exists in the SubtableUnicodesCache::create function in src/hb-ot-cmap-table.hh. The function does not check whether hb_malloc returned NULL before constructing an object at the returned address. When hb_malloc fails to allocate memory it returns NULL, and the code then invokes the constructor on this null pointer, which is undefined behavior and results in a segmentation fault. The issue was found by simulating memory allocation failures in a fuzzing environment.
Recommendations: Update to HarfBuzz version 12.3.0 or later.
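The allocation pattern described above, reduced to a stand-alone illustration. This is a constructed example, not HarfBuzz code: the allocator `sim_malloc`, the `UnicodesCache` type and the `create_*` functions are hypothetical, and the `simulate_oom` flag stands in for the simulated allocation failure used in fuzzing.

```cpp
#include <cstddef>
#include <cstdlib>
#include <new>

// Hypothetical allocator standing in for hb_malloc; simulate_oom reproduces
// the "simulated memory allocation failure" the advisory mentions.
static void *sim_malloc (size_t size, bool simulate_oom)
{
  return simulate_oom ? nullptr : std::malloc (size);
}

// Hypothetical cache object, standing in for whatever create() constructs.
struct UnicodesCache
{
  unsigned int entries = 0;
};

// Vulnerable shape: the allocation result feeds placement new directly, so a
// NULL return from the allocator becomes a write through a null pointer.
static UnicodesCache *create_unchecked (bool simulate_oom)
{
  UnicodesCache *c = (UnicodesCache *) sim_malloc (sizeof (UnicodesCache), simulate_oom);
  new (c) UnicodesCache ();   // undefined behavior (SIGSEGV) when c == nullptr
  return c;
}

// Hardened shape: check the allocation before constructing and report the
// failure to the caller, which must then treat a NULL cache as "no cache".
static UnicodesCache *create_checked (bool simulate_oom)
{
  UnicodesCache *c = (UnicodesCache *) sim_malloc (sizeof (UnicodesCache), simulate_oom);
  if (!c) return nullptr;
  new (c) UnicodesCache ();
  return c;
}

// Releases a cache created by either create function; tolerates NULL.
static void destroy (UnicodesCache *c) { if (c) { c->~UnicodesCache (); std::free (c); } }

// True if a cache was created and released, false if the allocation failure
// was detected and reported instead of dereferenced.
static bool create_and_release (bool simulate_oom)
{
  UnicodesCache *c = create_checked (simulate_oom);
  if (!c) return false;
  destroy (c);
  return true;
}
```

Only the checked path is safe to run with the failure flag set; calling the unchecked variant under simulated OOM is exactly the crash the fuzzer observed.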

Exploit · Fix · DoS · NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

AZL-73970
BDU:2026-06703
CVE-2026-22693
ECHO-7ECB-7A01-33A3
GHSA-XVJR-F2R9-C7WW
MGASA-2026-0015
OESA-2026-1203
OESA-2026-1204
OPENSUSE-SU-2026:10065-1
OPENSUSE-SU-2026:20409-1
RHSA-2026:7701
SUSE-SU-2026:0287-1
SUSE-SU-2026:20762-1
SUSE-SU-2026:20922-1

Affected Products

Debian
Harfbuzz