Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 830372 (CVE-2021-45931)

Summary: <media-libs/harfbuzz-2.9.1: out-of-bounds write
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: polynomial-c
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa+]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-01-01 02:13:25 UTC 
CVE-2021-45931 (https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2021-1159.yaml):

HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2022-02-12 00:47:39 UTC 
Nothing to do for office here anymore
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-19 18:51:37 UTC 
GLSA request filed
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-25 13:44:02 UTC 
GLSA released, all done!
Comment 4 Larry the Git Cow gentoo-dev 2022-09-25 13:56:43 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=1733373e809dacf94df6a7f9b4e247232c6d7154

commit 1733373e809dacf94df6a7f9b4e247232c6d7154
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-09-25 13:35:18 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-09-25 13:42:21 +0000

    [ GLSA 202209-11 ] HarfBuzz: Multiple vulnerabilities
    
    Bug: https://bugs.gentoo.org/830372
    Bug: https://bugs.gentoo.org/856049
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202209-11.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)