Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

SUSE Linux Enterprise Server FontForge Low Risk Resource Exhaustion Alert

suse
Calendar Grey April 1, 2026
Dist Suse Esm H88
Update for harfbuzz addresses a moderate issue with a NULL pointer dereference vulnerability in SUSE.
An update that solves one vulnerability can now be installed.

Summary

## This update for harfbuzz fixes the following issues: Update to version 11.4.5: Security fixes: * CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create (bsc#1256459). Other fixes: * Bug fixes for \u201cAAT\u201d shaping, and other shaping micro optimizations. * Fix a shaping regression affecting mark glyphs in certain fonts. * Fix pruning of mark filtering sets when subsetting fonts, which caused changes in shaping behaviour. * Make shaping fail much faster for certain malformed fonts (e.g., those that trigger infinite recursion). * Fix undefined behaviour introduced in 11.4.2. * Fix detection of the \u201cCambria Math\u201d font when fonts are scaled, so the workaround for the bad MATH table constant is applied. * Various performance and memory usage improvements.

References

* bsc#1256459

Cross-

* CVE-2026-22693

CVSS scores:

* CVE-2026-22693 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2026-22693 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2026-22693 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.

##

* https://www.suse.com/security/cve/CVE-2026-22693.html

* https://bugzilla.suse.com/show_bug.cgi?id=1256459

Announcement ID: SUSE-SU-2026:20922-1
Release Date: 2026-03-20T15:26:24Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here