{"id":"OSV-2026-121","summary":"Use-of-uninitialized-value in trySubset","details":"OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=477657796\n\n```\nCrash type: Use-of-uninitialized-value\nCrash state:\ntrySubset\nhb-subset-fuzzer.cc\n```\n","modified":"2026-01-24T14:24:01.498986Z","published":"2026-01-24T00:15:22.824642Z","references":[{"type":"REPORT","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=477657796"}],"affected":[{"package":{"name":"harfbuzz","ecosystem":"OSS-Fuzz","purl":"pkg:generic/harfbuzz"},"ranges":[{"type":"GIT","repo":"https://github.com/harfbuzz/harfbuzz.git","events":[{"introduced":"abcb75a5d175c1375c6bed2184656e5738f88ffd"},{"fixed":"dc73849f567478d6b4e4bbb678a9e25537918465"},{"fixed":"e365cd0e2e5b8cec1a13561036bc3fc4a4f8c11c"}]}],"versions":["12.3.1"],"ecosystem_specific":{"severity":"MEDIUM"},"database_specific":{"introduced_range":"2cc865b77d37149663fce8eed5e9b89fa488a792:6e37798a16c841da1c223ebf478526a84d9c6235","fixed_range":"b17fa8ef39b0e8ea3851d43625f366860750e385:e365cd0e2e5b8cec1a13561036bc3fc4a4f8c11c","source":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2026-121.yaml"}}],"schema_version":"1.7.3"}