CVE-2015-9274
First published: Thu Nov 15 2018(Updated: )
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Harfbuzz Project Harfbuzz | <1.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2015-9274.
What is the severity of CVE-2015-9274?
The severity of CVE-2015-9274 is medium with a CVSS score of 6.5.
How does CVE-2015-9274 cause a denial of service?
CVE-2015-9274 allows remote attackers to cause a denial of service by triggering an invalid read of two bytes, leading to an application crash.
Which software versions are affected by CVE-2015-9274?
HarfBuzz versions up to but not including 1.0.4 are affected by CVE-2015-9274.
How can I fix CVE-2015-9274?
To fix CVE-2015-9274, update HarfBuzz to version 1.0.4 or above.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/type
- collector/mitre-cve
- source/MITRE
- vendor/harfbuzz project
- canonical/harfbuzz project harfbuzz