Executive Summary

This vulnerability is a null pointer dereference in the perl-HarfBuzz-Shaper package, specifically within the bundled HarfBuzz library used for text shaping. When the affected code dereferences a null pointer, it can cause the program to crash or result in a denial of service. [1]

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can cause the affected software to crash or become unavailable due to a denial of service condition triggered by the null pointer dereference. This can disrupt normal operations of applications relying on the HarfBuzz library for text shaping. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking the version of the perl-HarfBuzz-Shaper package installed on your system. Versions before 0.032 are vulnerable. On Fedora systems, you can use the package manager to query the installed version with commands like 'rpm -q perl-HarfBuzz-Shaper' or 'dnf list installed perl-HarfBuzz-Shaper'. There are no specific network detection commands provided. [1]

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, immediately upgrade the perl-HarfBuzz-Shaper package to version 0.032-1.fc42 or later on Fedora 42, or 0.032-2.fc43 or later on Fedora 43. This can be done by enabling the updates-testing repository and installing the updates using the Fedora package manager with the advisories FEDORA-2026-55dfa04750 (Fedora 42) and FEDORA-2026-c7954c45b7 (Fedora 43). [1]

Useful 0 Not Useful 0