{"id":"CVE-2022-33068","details":"An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.","modified":"2026-04-12T02:56:56.869208Z","published":"2022-06-23T17:15:14.350Z","related":["ALSA-2022:8384","SUSE-SU-2022:2663-1","SUSE-SU-2022:2664-1","openSUSE-SU-2022:2663-1","openSUSE-SU-2024:12168-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FQBJ24W6TXLSAQWCFW7IBGUMX4AJI3S4/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQMEXOVDL3T2UXKBCON7JSOCE646G7HG/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56WTC5IY4EIUHVUIHMCXA3BSBZLSZCI/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202209-11"},{"type":"FIX","url":"https://github.com/harfbuzz/harfbuzz/issues/3557"},{"type":"FIX","url":"https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/behdad/harfbuzz","events":[{"introduced":"0"},{"last_affected":"aee123fc83388b8f5acfb301d87bd92eccc5b843"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.3.0"}]}},{"type":"GIT","repo":"https://github.com/harfbuzz/harfbuzz","events":[{"introduced":"0"},{"fixed":"62e803b36173fd096d7ad460dd1d1db9be542593"}]}],"versions":["0.6.0","0.9.1","0.9.10","0.9.11","0.9.12","0.9.13","0.9.14","0.9.15","0.9.16","0.9.17","0.9.18","0.9.19","0.9.2","0.9.20","0.9.21","0.9.22","0.9.23","0.9.24","0.9.25","0.9.26","0.9.27","0.9.28","0.9.29","0.9.3","0.9.30","0.9.31","0.9.32","0.9.33","0.9.34","0.9.35","0.9.36","0.9.37","0.9.38","0.9.39","0.9.4","0.9.40","0.9.41","0.9.42","0.9.5","0.9.6","0.9.7","0.9.8","0.9.9","1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.1.0","1.1.1","1.1.2","1.1.3","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.4.8","1.5.0","1.5.1","1.6.0","1.6.1","1.6.2","1.6.3","1.7.0","1.7.1","1.7.2","1.7.3","1.7.4","1.7.5","1.7.6","1.7.7","1.8.0","1.8.1","1.8.2","1.8.3","1.8.4","1.8.5","1.8.6","1.8.7","1.8.8","1.9.0","2.0.0","2.0.1","2.0.2","2.1.0","2.1.1","2.1.2","2.1.3","2.2.0","2.3.0","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.6.6","2.6.7","2.6.8","2.7.0","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.1","2.8.2","2.9.0","2.9.1","3.0.0","3.1.0","3.1.1","3.1.2","3.2.0","3.3.0","3.3.1","3.3.2","3.4.0","4.0.0","4.0.1","4.1.0","4.2.0","4.2.1","4.3.0","hb-rename","ng-mergepoint","pango-extractpoint","pango-start"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]}],"vanir_signatures_modified":"2026-04-12T02:56:56Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-33068.json","vanir_signatures":[{"digest":{"line_hashes":["189741007956986259831449181766921563166","174860539934597271047022014970797353491","268384559524554595331797354405313115461"],"threshold":0.9},"signature_version":"v1","signature_type":"Line","source":"https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593","id":"CVE-2022-33068-edb39a93","target":{"file":"src/hb-ot-color-sbix-table.hh"},"deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}