Published: 25/04/2012 Updated: 13/02/2023

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

FreeType prior to 2.4.9, as used in Mozilla Firefox Mobile prior to 10.0.4 and other products, on 64-bit platforms allows remote malicious users to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freetype freetype 2.0.3
freetype freetype 2.4.0
freetype freetype 2.4.2
mozilla firefox mobile 4.0
freetype freetype 2.3.6
freetype freetype
freetype freetype 2.1.9
freetype freetype 2.1.10
freetype freetype 2.3.4
freetype freetype 2.0.1
freetype freetype 2.3.5
mozilla firefox mobile 8.0
mozilla firefox mobile 10.0.1
mozilla firefox mobile 7.0
freetype freetype 2.1
freetype freetype 2.1.5
freetype freetype 2.3.10
mozilla firefox mobile 10.0.2
freetype freetype 1.3.1
mozilla firefox mobile 6.0.2
freetype freetype 2.4.4
freetype freetype 2.4.6
freetype freetype 2.1.8
freetype freetype 2.2.1
freetype freetype 2.1.3
mozilla firefox mobile 6.0
freetype freetype 2.3.3
freetype freetype 2.1.6
mozilla firefox mobile 9.0
freetype freetype 2.3.0
freetype freetype 2.3.1
freetype freetype 2.0.5
freetype freetype 2.4.1
freetype freetype 2.4.3
freetype freetype 2.0.7
freetype freetype 2.0.9
freetype freetype 2.3.7
freetype freetype 2.0.6
freetype freetype 2.0.4
mozilla firefox mobile 1.0
freetype freetype 2.3.8
freetype freetype 2.3.11
mozilla firefox mobile 6.0.1
freetype freetype 2.3.2
freetype freetype 2.0.2
freetype freetype 2.0.8
freetype freetype 2.3.12
mozilla firefox mobile
freetype freetype 2.3.9
mozilla firefox mobile 10.0
freetype freetype 2.4.5
mozilla firefox mobile 5.0
freetype freetype 2.1.7
freetype freetype 2.4.7
freetype freetype 2.1.4
freetype freetype 2.0.0
freetype freetype 2.2.0

Synopsis Important: freetype security update Type/Severity Security Advisory: Important Topic Updated freetype packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as havingimportant security impact Common ...

FreeType could be made to crash or run programs as your login if it opened a specially crafted font file ...

Mozilla Foundation Security Advisory 2012-21 Multiple security flaws fixed in FreeType v249 Announced April 24, 2012 Reporter Mateusz Jurczyk Impact Critical Products Firefox Mobile Fixed in ...

CWE-119 http://www.mozilla.org/security/announce/2012/mfsa2012-21.html https://bugzilla.redhat.com/show_bug.cgi?id=800589 http://www.openwall.com/lists/oss-security/2012/03/06/16 https://bugzilla.mozilla.org/show_bug.cgi?id=733512 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html http://security.gentoo.org/glsa/glsa-201204-04.xml http://secunia.com/advisories/48758 http://secunia.com/advisories/48918 http://rhn.redhat.com/errata/RHSA-2012-0467.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5503 http://secunia.com/advisories/48822 http://secunia.com/advisories/48951 http://secunia.com/advisories/48973 http://secunia.com/advisories/48797 http://secunia.com/advisories/48508 http://www.ubuntu.com/usn/USN-1403-1 http://www.securitytracker.com/id?1026765 http://www.securityfocus.com/bid/52318 http://www.mandriva.com/security/advisories?name=MDVSA-2012:057 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html https://access.redhat.com/errata/RHSA-2012:0467 https://usn.ubuntu.com/1403-1/https://nvd.nist.gov

CVE-2012-1131

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect