HarfBuzz::Shaper Null Pointer Dereference Vulnerability in Perl

Vulnerability

A null pointer dereference vulnerability has been identified in HarfBuzz::Shaper versions prior to 0.032 for Perl. It arises from a failure to check the result of a memory allocation: when the allocation fails, the returned null pointer is used anyway, which leads to undefined behavior and a segmentation fault. The issue is present in the bundled HarfBuzz library, specifically versions through 8.4.0, and is located in the SubtableUnicodesCache::create function within the cmap table handling.
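The bug class described above, shown as an added illustration that is not HarfBuzz's code: a create function that uses an allocation result unchecked, beside a version that tests each result and reports failure to its caller. The cache type, the allocator hook and every function name are hypothetical, and the hook is assumed to return malloc-compatible memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cache type; NOT HarfBuzz's SubtableUnicodesCache. */
typedef struct { size_t count; unsigned *codepoints; } unicode_cache;
typedef void *(*alloc_fn)(size_t); /* hook so allocation failure can be simulated */

void *always_fail(size_t n) { (void)n; return NULL; }
static int second_calls;
void *fail_on_second(size_t n) { return ++second_calls == 2 ? NULL : malloc(n); }

/* Unchecked pattern: a NULL result from alloc() is dereferenced on the next line. */
unicode_cache *cache_create_unchecked(alloc_fn alloc, size_t count) {
    unicode_cache *c = alloc(sizeof *c);
    c->count = count;                       /* segfault when c == NULL */
    c->codepoints = alloc(count * sizeof *c->codepoints);
    memset(c->codepoints, 0, count * sizeof *c->codepoints);
    return c;
}

/* Checked pattern: test every result, release partial state, report failure. */
unicode_cache *cache_create_checked(alloc_fn alloc, size_t count) {
    if (count == 0 || count > SIZE_MAX / sizeof(unsigned)) return NULL;
    unicode_cache *c = alloc(sizeof *c);
    if (!c) return NULL;
    c->codepoints = alloc(count * sizeof *c->codepoints);
    if (!c->codepoints) { free(c); return NULL; }
    memset(c->codepoints, 0, count * sizeof *c->codepoints);
    c->count = count;
    return c;
}

void cache_destroy(unicode_cache *c) { if (c) { free(c->codepoints); free(c); } }

/* Caller side: returns 0 on success, -1 when the cache could not be built. */
int build_cache(alloc_fn alloc, size_t count) {
    unicode_cache *c = cache_create_checked(alloc, count);
    if (!c) return -1;
    cache_destroy(c);
    return 0;
}

int main(void) {
    printf("malloc: %d\n", build_cache(malloc, 16));
    printf("always_fail: %d\n", build_cache(always_fail, 16));
    printf("fail_on_second: %d\n", build_cache(fail_on_second, 16));
    return 0;
}
```

The unchecked function is never called here; passing it a failing allocator would crash at the marked line.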

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a segmentation fault and a denial-of-service condition.

Remediation

Users can upgrade to HarfBuzz::Shaper version 0.032 or later to address this vulnerability. Instructions for updating can be found on the Fedora Project's Bodhi update system.

Added: Jan 19, 2026, 4:22 AM
Updated: Jan 19, 2026, 4:22 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 2.2
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.