CVE-2012-1134

Published: 25/04/2012 Updated: 13/02/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

FreeType prior to 2.4.9, as used in Mozilla Firefox Mobile prior to 10.0.4 and other products, allows remote malicious users to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font.

Vulnerable Product

freetype freetype 2.0.3

freetype freetype 2.4.0

freetype freetype 2.4.2

mozilla firefox mobile 4.0

freetype freetype 2.3.6

freetype freetype

freetype freetype 2.1.9

freetype freetype 2.1.10

freetype freetype 2.3.4

freetype freetype 2.0.1

freetype freetype 2.3.5

mozilla firefox mobile 8.0

mozilla firefox mobile 10.0.1

mozilla firefox mobile 7.0

freetype freetype 2.1

freetype freetype 2.1.5

freetype freetype 2.3.10

mozilla firefox mobile 10.0.2

freetype freetype 1.3.1

mozilla firefox mobile 6.0.2

freetype freetype 2.4.4

freetype freetype 2.4.6

freetype freetype 2.1.8

freetype freetype 2.2.1

freetype freetype 2.1.3

mozilla firefox mobile 6.0

freetype freetype 2.3.3

freetype freetype 2.1.6

mozilla firefox mobile 9.0

freetype freetype 2.3.0

freetype freetype 2.3.1

freetype freetype 2.0.5

freetype freetype 2.4.1

freetype freetype 2.4.3

freetype freetype 2.0.7

freetype freetype 2.0.9

freetype freetype 2.3.7

freetype freetype 2.0.6

freetype freetype 2.0.4

mozilla firefox mobile 1.0

freetype freetype 2.3.8

freetype freetype 2.3.11

mozilla firefox mobile 6.0.1

freetype freetype 2.3.2

freetype freetype 2.0.2

freetype freetype 2.0.8

freetype freetype 2.3.12

mozilla firefox mobile

freetype freetype 2.3.9

mozilla firefox mobile 10.0

freetype freetype 2.4.5

mozilla firefox mobile 5.0

freetype freetype 2.1.7

freetype freetype 2.4.7

freetype freetype 2.1.4

freetype freetype 2.0.0

freetype freetype 2.2.0

Vendor Advisories

Synopsis: Important: freetype security update. Type/Severity: Security Advisory: Important. Topic: Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common ...
Debian Bug report logs - #662864: freetype: multiple vulnerabilities in freetype before 2.4.9. Package: src:freetype; Maintainer for src:freetype is Hugh McMaster <hughmcmaster@outlook.com>; Reported by: Yves-Alexis Perez <corsac@debian.org>; Date: Tue, 6 Mar 2012 21:13:14 UTC; Severity: grave; Tags: security; Fixed in ...
FreeType could be made to crash or run programs as your login if it opened a specially crafted font file ...
Multiple flaws were found in the way FreeType handled fonts in various formats. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash ...
Mozilla Foundation Security Advisory 2012-21: Multiple security flaws fixed in FreeType v2.4.9. Announced: April 24, 2012. Reporter: Mateusz Jurczyk. Impact: Critical. Products: Firefox Mobile. Fixed in ...