PT-2026-3420 · Harfbuzz+1 · Harfbuzz+1

Published

2026-01-19

Updated

2026-03-04

CVE-2026-0943

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions HarfBuzz::Shaper versions prior to 0.032

Description HarfBuzz::Shaper versions before 0.032 include a bundled library with a null pointer dereference issue. The vulnerable component is HarfBuzz 8.4.0 or earlier, packaged as hb src.tar.gz within the source tarball. This condition can lead to a program crash or unexpected behavior.

Recommendations Update to HarfBuzz::Shaper version 0.032 or later.

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1395CWE-476

Related Identifiers

CVE-2026-0943

Affected Products

Harfbuzz

Harfbuzz::Shaper

PT-2026-3420 · Harfbuzz+1 · Harfbuzz+1

CVE-2026-0943

Weakness Enumeration

Related Identifiers

Affected Products

References · 12