Candidate: CVE-2015-9274
PublicDate: 2018-11-15 06:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9274
Description:
 HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service
 (invalid read of two bytes and application crash) because of GPOS and GSUB
 table mishandling, related to hb-ot-layout-gpos-table.hh,
 hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]


Patches_harfbuzz:
 upstream: https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7
upstream_harfbuzz: released (1.2.6-1)
precise/esm_harfbuzz: DNE
trusty_harfbuzz: ignored (reached end-of-life)
trusty/esm_harfbuzz: needed
xenial_harfbuzz: ignored (end of standard support, was needed)
esm-infra/xenial_harfbuzz: needed
bionic_harfbuzz: not-affected (1.7.2-1ubuntu1)
cosmic_harfbuzz: not-affected
disco_harfbuzz: not-affected
eoan_harfbuzz: not-affected
focal_harfbuzz: not-affected
groovy_harfbuzz: not-affected
hirsute_harfbuzz: not-affected
impish_harfbuzz: not-affected
jammy_harfbuzz: not-affected
devel_harfbuzz: not-affected