SB2026042873 - NULL pointer dereference in HarfBuzz

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2026-22693)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a null pointer dereference in OT::SubtableUnicodesCache::create() when processing font subsetting operations. A remote attacker can trigger a memory allocation failure that leads to a null pointer being used with placement new to cause a denial of service.

The issue is triggered when hb_malloc returns NULL, such as in low-memory conditions or with custom allocators that simulate allocation failures, and results in a segmentation fault during hb_subset_preprocess.

Remediation

Install update from vendor's website.

References

• https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww
• https://github.com/advisories/GHSA-xvjr-f2r9-c7ww