{"id":"CVE-2023-25193","details":"hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.","modified":"2026-04-12T01:01:14.569703Z","published":"2023-02-04T20:15:08.027Z","related":["ALSA-2023:4158","ALSA-2023:4159","ALSA-2023:4175","ALSA-2023:4177","ALSA-2024:2410","ALSA-2024:2980","CGA-8h2f-cgw9-hwqf","MGASA-2023-0272","SUSE-SU-2023:1820-1","SUSE-SU-2023:1821-1","SUSE-SU-2023:1822-1","SUSE-SU-2023:1852-1","SUSE-SU-2023:2990-1","SUSE-SU-2023:3023-1","SUSE-SU-2023:3287-1","SUSE-SU-2023:3406-1","SUSE-SU-2023:3441-1","openSUSE-SU-2024:12660-1","openSUSE-SU-2024:13075-1","openSUSE-SU-2024:13076-1","openSUSE-SU-2024:13131-1","openSUSE-SU-2025:0066-1","openSUSE-SU-2025:0067-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWCHWSICWVZSAXP2YAXM65JC2GR53547/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/"},{"type":"ADVISORY","url":"https://github.com/harfbuzz/harfbuzz/blob/2822b589bc837fae6f66233e2cf2eef0f6ce8470/src/hb-ot-layout-gsubgpos.hh"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230725-0006/"},{"type":"FIX","url":"https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361"},{"type":"FIX","url":"https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/behdad/harfbuzz","events":[{"introduced":"0"},{"last_affected":"afcae83a064843d71d47624bc162e121cc56c08b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.0.0"}]}},{"type":"GIT","repo":"https://github.com/harfbuzz/harfbuzz","events":[{"introduced":"0"},{"fixed":"85be877925ddbf34f74a1229f3ca1716bb6170dc"}]}],"versions":["0.6.0","0.9.1","0.9.10","0.9.11","0.9.12","0.9.13","0.9.14","0.9.15","0.9.16","0.9.17","0.9.18","0.9.19","0.9.2","0.9.20","0.9.21","0.9.22","0.9.23","0.9.24","0.9.25","0.9.26","0.9.27","0.9.28","0.9.29","0.9.3","0.9.30","0.9.31","0.9.32","0.9.33","0.9.34","0.9.35","0.9.36","0.9.37","0.9.38","0.9.39","0.9.4","0.9.40","0.9.41","0.9.42","0.9.5","0.9.6","0.9.7","0.9.8","0.9.9","1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.1.0","1.1.1","1.1.2","1.1.3","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.4.8","1.5.0","1.5.1","1.6.0","1.6.1","1.6.2","1.6.3","1.7.0","1.7.1","1.7.2","1.7.3","1.7.4","1.7.5","1.7.6","1.7.7","1.8.0","1.8.1","1.8.2","1.8.3","1.8.4","1.8.5","1.8.6","1.8.7","1.8.8","1.9.0","2.0.0","2.0.1","2.0.2","2.1.0","2.1.1","2.1.2","2.1.3","2.2.0","2.3.0","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.6.6","2.6.7","2.6.8","2.7.0","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.1","2.8.2","2.9.0","2.9.1","3.0.0","3.1.0","3.1.1","3.1.2","3.2.0","3.3.0","3.3.1","3.3.2","3.4.0","4.0.0","4.0.1","4.1.0","4.2.0","4.2.1","4.3.0","4.4.0","4.4.1","5.0.0","5.0.1","5.1.0","5.2.0","5.3.0","5.3.1","6.0.0","hb-rename","ng-mergepoint","pango-extractpoint","pango-start"],"database_specific":{"vanir_signatures":[{"target":{"file":"src/hb-ot-layout-gsubgpos.hh"},"source":"https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["199082770400909606321589194843450527664","87419159144381551629992409665691100659","316516650934869293814167978590599149972","203275194265138133167303134542089474071"]},"signature_type":"Line","id":"CVE-2023-25193-cb610f4e"}],"vanir_signatures_modified":"2026-04-12T01:01:14Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25193.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"36"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}