Advisories » MGASA-2026-0015

Updated harfbuzz packages fix security vulnerability

Publication date: 23 Jan 2026
Modification date: 22 Jan 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-22693

Description

Null Pointer Dereference in SubtableUnicodesCache::create leading to
DoS. (CVE-2026-22693)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=35042
• https://www.openwall.com/lists/oss-security/2026/01/11/1
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/QJUDZGUEVHTL26NPJUIGPHUOUKLUMCFB/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22693

SRPMS

9/core

• harfbuzz-7.0.1-1.2.mga9