CVE-2023-25193: hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. Patch: https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a7f050bbcecb34d25f4fe76a954ff99348af562f commit a7f050bbcecb34d25f4fe76a954ff99348af562f Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2023-06-10 08:56:25 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2023-06-10 09:38:36 +0000 media-libs/harfbuzz: drop 6.0.0, 7.2.0 Bug: https://bugs.gentoo.org/905310 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> media-libs/harfbuzz/Manifest | 2 - .../harfbuzz/files/harfbuzz-6.0.0-gcc-13.patch | 26 ------ media-libs/harfbuzz/harfbuzz-6.0.0.ebuild | 102 --------------------- media-libs/harfbuzz/harfbuzz-7.2.0.ebuild | 97 -------------------- 4 files changed, 227 deletions(-)