{"id":"CVE-2022-33068","details":"An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.","modified":"2026-05-18T05:53:55.695939633Z","published":"2022-06-22T13:24:42Z","related":["ALSA-2022:8384","SUSE-SU-2022:2663-1","SUSE-SU-2022:2664-1","openSUSE-SU-2022:2663-1","openSUSE-SU-2024:12168-1"],"database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/33xxx/CVE-2022-33068.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/33xxx/CVE-2022-33068.json"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FQBJ24W6TXLSAQWCFW7IBGUMX4AJI3S4/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQMEXOVDL3T2UXKBCON7JSOCE646G7HG/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56WTC5IY4EIUHVUIHMCXA3BSBZLSZCI/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-33068"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202209-11"},{"type":"REPORT","url":"https://github.com/harfbuzz/harfbuzz/issues/3557"},{"type":"FIX","url":"https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/harfbuzz/harfbuzz","events":[{"introduced":"0"},{"last_affected":"aee123fc83388b8f5acfb301d87bd92eccc5b843"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:harfbuzz_project:harfbuzz:4.3.0:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"4.3.0"}]}}],"versions":["3.0.0","4.3.0","4.2.1","4.2.0","4.1.0","4.0.1","4.0.0","3.4.0","3.3.2","3.3.1","3.3.0","3.2.0","3.1.2","3.1.1","3.1.0","2.9.1","2.9.0","2.8.2","2.8.1","2.8.0","2.7.4","2.7.3","2.7.2","2.7.1","2.7.0","2.6.8","2.6.7","2.6.6","2.6.5","2.6.4","2.6.3","2.6.2","2.6.1","2.6.0","2.5.3","2.5.2","2.5.1","2.5.0","2.3.0","2.2.0","2.1.3","2.1.2","2.1.1","2.1.0","2.0.2","2.0.1","2.0.0","1.9.0","1.8.8","1.8.7","1.8.6","1.8.5","1.8.1","1.8.4","1.8.3","1.8.2","1.8.0","1.7.7","1.7.6","1.7.5","1.7.4","1.7.3","1.7.2","1.7.1","1.7.0","1.6.3","1.6.2","1.6.1","1.6.0","1.5.1","1.5.0","1.4.8","1.4.7","1.4.6","1.4.5","1.4.4","1.4.3","1.4.2","1.4.1","1.4.0","1.3.4","1.3.3","1.3.2","1.3.1","1.3.0","1.2.7","1.2.6","1.2.5","1.2.4","1.2.3","1.2.2","1.2.1","1.2.0","1.1.3","1.1.2","1.1.1","1.1.0","1.0.6","1.0.5","1.0.4","1.0.3","1.0.2","1.0.1","1.0.0","0.9.42","0.9.41","0.9.40","0.9.39","0.9.38","0.9.37","0.9.36","0.9.35","0.9.34","0.9.33","0.9.32","0.9.31","0.9.30","0.9.29","0.9.28","0.9.27","0.9.26","0.9.25","0.9.24","0.9.23","0.9.22","0.9.21","0.9.20","0.9.19","0.9.18","0.9.17","0.9.16","0.9.15","0.9.14","0.9.13","0.9.12","0.9.11","0.9.10","0.9.9","0.9.8","0.9.7","0.9.6","0.9.5","0.9.4","0.9.3","0.9.2","0.9.1","0.6.0","pango-extractpoint","ng-mergepoint","hb-rename","pango-start"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-33068.json"}}],"schema_version":"1.7.5"}