## This update for harfbuzz fixes the following issues: Update to version 11.4.5: Security fixes: * CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create (bsc#1256459). Other fixes: * Bug fixes for \u201cAAT\u201d shaping, and other shaping micro optimizations. * Fix a shaping regression affecting mark glyphs in certain fonts. * Fix pruning of mark filtering sets when subsetting fonts, which caused changes in shaping behaviour. * Make shaping fail much faster for certain malformed fonts (e.g., those that trigger infinite recursion). * Fix undefined behaviour introduced in 11.4.2. * Fix detection of the \u201cCambria Math\u201d font when fonts are scaled, so the workaround for the bad MATH table constant is applied. * Various performance and memory usage improvements.
* bsc#1256459
Cross-
* CVE-2026-22693
CVSS scores:
* CVE-2026-22693 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-22693 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22693 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* SUSE Linux Enterprise Server - BCI 16.0
An update that solves one vulnerability can now be installed.
##
* https://www.suse.com/security/cve/CVE-2026-22693.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256459
Get the latest Linux and open source security news straight to your inbox.