HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.
Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.
Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
Advisories
No advisories yet.
Fixes
Solution
Users should update to version 0.032 or later, where the bundled HarfBuzz library was updated to version 12.3.0.
Workaround
No workaround given by the vendor.
References
History
Mon, 19 Jan 2026 03:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability. Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693. | |
| Title | HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability | |
| Weaknesses | CWE-1395 | |
| References |
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: CPANSec
Published:
Updated: 2026-01-19T02:54:06.255Z
Reserved: 2026-01-14T15:30:04.686Z
Link: CVE-2026-0943
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-01-19T04:15:58.710
Modified: 2026-01-19T04:15:58.710
Link: CVE-2026-0943
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses