Headline
CVE-2021-45931: oss-fuzz-vulns/OSV-2021-1159.yaml at main · google/oss-fuzz-vulns
HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).
id: OSV-2021-1159
summary: UNKNOWN WRITE in hb_bit_set_invertible_t::set
details: |
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37425
Crash type: UNKNOWN WRITE
Crash state:
hb_bit_set_invertible_t::set
hb_sparseset_t<hb_bit_set_invertible_t>::set
hb_set_copy
modified: ‘2021-08-22T00:00:24.932034Z’
published: ‘2021-08-22T00:00:24.931714Z’
references:
- type: REPORT
url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37425
affected:
- package:
name: harfbuzz
ecosystem: OSS-Fuzz
ranges:
- type: GIT
repo: https://github.com/harfbuzz/harfbuzz.git
events:
- introduced: 48ad9eef1eb5e5226fcfdb86f3cf5be925456a57
- fixed: d3e09bf4654fe5478b6dbf2b26ebab6271317d81
versions:
- 2.9.0
ecosystem_specific:
severity: HIGH