CVE-2026-0943 - Vulnerability Details

CVE-2026-0943 - HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability

HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability. Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=2429296
https://metacpan.org/release/JV/HarfBuzz-Shaper-0.032/changes
https://www.cve.org/CVERecord?id=CVE-2026-22693

History

Mon, 19 Jan 2026 03:30:00 +0000

Type	Values Removed	Values Added
Description		HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability. Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.
Title		HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability
Weaknesses		CWE-1395
References		https://bugzilla.redhat.com/show_bug.cgi?id=2429296 https://metacpan.org/release/JV/HarfBuzz-Shaper-0.032/changes https://www.cve.org/CVERecord?id=CVE-2026-22693

MITRE

Status: PUBLISHED

Assigner: CPANSec

Published: 2026-01-19T02:46:52.012Z

Updated: 2026-01-19T02:54:06.255Z

Reserved: 2026-01-14T15:30:04.686Z

Link: CVE-2026-0943

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-19T04:15:58.710

Modified: 2026-01-19T04:15:58.710

Link: CVE-2026-0943

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object