Published: 24/01/2013 Updated: 26/01/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

FreeType prior to 2.4.11 allows context-dependent malicious users to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freetype freetype 2.4.3
freetype freetype 2.4.0
freetype freetype 2.3.4
freetype freetype 2.3.3
freetype freetype 2.3.9
freetype freetype 2.3.11
freetype freetype 2.3.10
freetype freetype 2.1.6
freetype freetype 2.1.8
freetype freetype 2.0.3
freetype freetype 2.0.4
freetype freetype 2.0.9
freetype freetype 2.0.6
freetype freetype 2.4.9
freetype freetype 2.4.7
freetype freetype 2.4.1
freetype freetype 2.3.6
freetype freetype 2.3.2
freetype freetype 2.2.0
freetype freetype 2.2.1
freetype freetype 2.1.3
freetype freetype 2.1.10
freetype freetype 2.0.0
freetype freetype 2.0.1
freetype freetype
freetype freetype 2.4.5
freetype freetype 2.4.2
freetype freetype 2.4.6
freetype freetype 2.3.5
freetype freetype 2.3.12
freetype freetype 2.1.9
freetype freetype 2.1.7
freetype freetype 2.1.5
freetype freetype 2.1.4
freetype freetype 2.1
freetype freetype 2.0.2
freetype freetype 2.0.8
freetype freetype 2.4.4
freetype freetype 2.4.8
freetype freetype 2.3.8
freetype freetype 2.3.7
freetype freetype 2.3.1
freetype freetype 2.3.0
freetype freetype 2.0.5
freetype freetype 2.0.7
freetype freetype 1.3.1

Debian Bug report logs - #696691 freetype: multiple vulnerabilities in freetype before 2411 Package: src:freetype; Maintainer for src:freetype is Hugh McMaster <hughmcmaster@outlookcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 25 Dec 2012 23:36:01 UTC Severity: grave Tags: patch, security ...

FreeType could be made to crash or run programs as your login if it opened a specially crafted file ...

CWE-119 http://lists.opensuse.org/opensuse-updates/2013-01/msg00056.html http://www.securitytracker.com/id?1027921 http://lists.opensuse.org/opensuse-updates/2013-01/msg00068.html http://www.freetype.org/http://lists.opensuse.org/opensuse-updates/2013-01/msg00078.html https://savannah.nongnu.org/bugs/?37905 http://www.ubuntu.com/usn/USN-1686-1 http://secunia.com/advisories/51826 http://www.openwall.com/lists/oss-security/2012/12/25/2 http://secunia.com/advisories/51900 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.520186 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696691 https://usn.ubuntu.com/1686-1/https://nvd.nist.gov

CVE-2012-5668

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect