Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2012-1142
Last Modified: 28 Dec 2012 11:38:54
Published: 25 Apr 2012 06:10:18
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-1142

Summary

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font.

Vulnerable Systems

Application

  • Freetype 1.3.1

  • Freetype 2.0

  • Freetype 2.0.1

  • Freetype 2.0.2

  • Freetype 2.0.3

  • Freetype 2.0.4

  • Freetype 2.0.5

  • Freetype 2.0.6

  • Freetype 2.0.7

  • Freetype 2.0.8

  • Freetype 2.0.9

  • Freetype 2.1

  • Freetype 2.1.10

  • Freetype 2.1.3

  • Freetype 2.1.4

  • Freetype 2.1.5

  • Freetype 2.1.6

  • Freetype 2.1.7

  • Freetype 2.1.8

  • Freetype 2.1.8 Rc1

  • Freetype 2.1.9

  • Freetype 2.2

  • Freetype 2.2.1

  • Freetype 2.3.0

  • Freetype 2.3.1

  • Freetype 2.3.10

  • Freetype 2.3.11

  • Freetype 2.3.12

  • Freetype 2.3.2

  • Freetype 2.3.3

  • Freetype 2.3.4

  • Freetype 2.3.5

  • Freetype 2.3.6

  • Freetype 2.3.7

  • Freetype 2.3.8

  • Freetype 2.3.9

  • Freetype 2.4.0

  • Freetype 2.4.1

  • Freetype 2.4.2

  • Freetype 2.4.3

  • Freetype 2.4.4

  • Freetype 2.4.5

  • Freetype 2.4.6

  • Freetype 2.4.7

  • Freetype 2.4.8

  • Mozilla Firefox Mobile 1.0

  • Mozilla Firefox Mobile 10.0

  • Mozilla Firefox Mobile 10.0.1

  • Mozilla Firefox Mobile 10.0.2

  • Mozilla Firefox Mobile 10.0.3

  • Mozilla Firefox Mobile 4.0

  • Mozilla Firefox Mobile 5.0

  • Mozilla Firefox Mobile 6.0

  • Mozilla Firefox Mobile 6.0.1

  • Mozilla Firefox Mobile 6.0.2

  • Mozilla Firefox Mobile 7.0

  • Mozilla Firefox Mobile 8.0

  • Mozilla Firefox Mobile 9.0


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=800604

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=733512

MLIST - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9

CONFIRM - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html

DEBIAN - DSA-2428

GENTOO - GLSA-201204-04

SECUNIA - 48918

SECUNIA - 48758

REDHAT - RHSA-2012:0467

SUSE - SUSE-SU-2012:0521

SUSE - SUSE-SU-2012:0483

CONFIRM - http://support.apple.com/kb/HT5503

APPLE - APPLE-SA-2012-09-19-1

SECUNIA - 48973

SECUNIA - 48951

SECUNIA - 48822

SECUNIA - 48797

Related Patches

Red Hat 2012:0467-01 RHSA Important: freetype security update for RHEL 5 x86

Red Hat 2012:0467-01 RHSA Important: freetype security update for RHEL 5 x86_64

Novell SUSE 2012:6052 freetype2 security update for SLE 11 SP1 x86_64

Novell SUSE 2012:6052 freetype2 security update for SLE 11 SP1 i586

Novell SUSE 2012:8039 freetype2 security update for SLE 10 SP4 x86_64

Novell SUSE 2012:8039 freetype2 security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:49:39