Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 830372 (CVE-2021-45931) - <media-libs/harfbuzz-2.9.1: out-of-bounds write
Summary: <media-libs/harfbuzz-2.9.1: out-of-bounds write
Alias: CVE-2021-45931
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa+]
Depends on:
Reported: 2022-01-01 02:13 UTC by Sam James
Modified: 2022-09-25 13:56 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-01-01 02:13:25 UTC
CVE-2021-45931 (

HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2022-02-12 00:47:39 UTC
Nothing to do for office here anymore
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-19 18:51:37 UTC
GLSA request filed
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-25 13:44:02 UTC
GLSA released, all done!
Comment 4 Larry the Git Cow gentoo-dev 2022-09-25 13:56:43 UTC
The bug has been referenced in the following commit(s):

commit 1733373e809dacf94df6a7f9b4e247232c6d7154
Author:     GLSAMaker <>
AuthorDate: 2022-09-25 13:35:18 +0000
Commit:     John Helmert III <>
CommitDate: 2022-09-25 13:42:21 +0000

    [ GLSA 202209-11 ] HarfBuzz: Multiple vulnerabilities
    Signed-off-by: GLSAMaker <>
    Signed-off-by: John Helmert III <>

 glsa-202209-11.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)