CVE-2022-33068
MEDIUM
Published Jun 23, 2022 (4y ago) · Modified Jun 17, 2026 (2w ago)
5.5 CVSS 3.1
Description
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
CVSS Details
Base Score
Exploitability
Impact
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

| Metric | Value |
|---|---|
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | None |
| Availability | High |
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-190 Integer Overflow or Wraparound Numeric Error
Affected Products 3
| Vendor | Product | Version | Range |
|---|---|---|---|
| harfbuzz_project | harfbuzz | 4.3.0 | any |
| fedoraproject | fedora | 35 | any |
| fedoraproject | fedora | 36 | any |
References 6
- github.com https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593
- github.com https://github.com/harfbuzz/harfbuzz/issues/3557
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FQBJ24W6TXLSAQWCFW7IBGUMX4AJI3S4/
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQMEXOVDL3T2UXKBCON7JSOCE646G7HG/
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56WTC5IY4EIUHVUIHMCXA3BSBZLSZCI/
- security.gentoo.org https://security.gentoo.org/glsa/202209-11
Remediation
- github.com https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593
- github.com https://github.com/harfbuzz/harfbuzz/issues/3557