CVE-2026-0943
Publication date 19 January 2026
Last updated 19 January 2026
Ubuntu priority
Description
HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability. Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| libharfbuzz-shaper-perl | 25.10 questing |
Needs evaluation
|
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release |