Published: 25/04/2012 Updated: 26/01/2021

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

FreeType prior to 2.4.9, as used in Mozilla Firefox Mobile prior to 10.0.4 and other products, allows remote malicious users to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox mobile 10.0.2
mozilla firefox mobile 10.0.1
mozilla firefox mobile 6.0
mozilla firefox mobile 5.0
freetype freetype 2.3.9
freetype freetype 2.1
freetype freetype 2.4.2
freetype freetype 2.3.8
freetype freetype 2.3.10
freetype freetype 2.3.1
freetype freetype 2.3.3
freetype freetype 2.1.7
freetype freetype 2.2.1
freetype freetype 2.0.6
freetype freetype 2.0.2
freetype freetype 2.0.1
mozilla firefox mobile 8.0
mozilla firefox mobile 7.0
mozilla firefox mobile 4.0
freetype freetype 2.3.5
freetype freetype 2.4.7
freetype freetype 2.3.2
freetype freetype 2.4.0
freetype freetype 2.2.0
freetype freetype 2.1.9
freetype freetype 2.1.3
freetype freetype 2.1.10
freetype freetype 2.0.7
freetype freetype 2.0.5
freetype freetype
mozilla firefox mobile 6.0.2
mozilla firefox mobile 6.0.1
mozilla firefox mobile 1.0
freetype freetype 2.4.6
freetype freetype 2.4.1
freetype freetype 2.3.12
freetype freetype 2.3.11
freetype freetype 2.3.4
freetype freetype 2.4.4
freetype freetype 2.1.5
freetype freetype 2.1.4
freetype freetype 2.0.4
freetype freetype 2.0.3
mozilla firefox mobile 10.0
mozilla firefox mobile 9.0
freetype freetype 2.0.9
freetype freetype 2.4.3
freetype freetype 2.1.8
freetype freetype 2.3.7
freetype freetype 2.3.6
freetype freetype 2.3.0
freetype freetype 2.4.5
freetype freetype 2.1.6
freetype freetype 1.3.1
freetype freetype 2.0.8
freetype freetype 2.0.0
mozilla firefox mobile

FreeType could be made to crash or run programs as your login if it opened a specially crafted font file ...

Mozilla Foundation Security Advisory 2012-21 Multiple security flaws fixed in FreeType v249 Announced April 24, 2012 Reporter Mateusz Jurczyk Impact Critical Products Firefox Mobile Fixed in ...

CWE-119 http://www.openwall.com/lists/oss-security/2012/03/06/16 https://bugzilla.mozilla.org/show_bug.cgi?id=733512 http://www.mozilla.org/security/announce/2012/mfsa2012-21.html https://bugzilla.redhat.com/show_bug.cgi?id=800597 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html http://security.gentoo.org/glsa/glsa-201204-04.xml http://secunia.com/advisories/48918 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5503 http://secunia.com/advisories/48822 http://secunia.com/advisories/48951 http://secunia.com/advisories/48973 http://secunia.com/advisories/48797 http://secunia.com/advisories/48508 http://www.ubuntu.com/usn/USN-1403-1 http://www.securitytracker.com/id?1026765 http://www.securityfocus.com/bid/52318 http://www.mandriva.com/security/advisories?name=MDVSA-2012:057 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html https://usn.ubuntu.com/1403-1/https://nvd.nist.gov

CVE-2012-1138

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect