CVE-2012-1128

CWE-119 — Buffer Overflow CWE-476 — NULL Pointer Dereference11 documents9 sources

Severity

9.3CRITICAL

EPSS

2.7%

top 14.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freetype Freetype Mozilla Firefox Mobile

Timeline

PublishedApr 25

Latest updateMay 13

Description

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox_mobile10.0.3+12

▶Debianfreetype< 2.4.9-1+3

▶NVDfreetype/freetype2.4.8+43

🔴Vulnerability Details

GHSA

GHSA-9mrf-rm77-2g6j: FreeType before 2↗2022-05-13

▶

CVEList

CVE-2012-1128: FreeType before 2↗2012-04-25

▶

OSV

CVE-2012-1128: FreeType before 2↗2012-04-25

▶

💥Exploits & PoCs

Exploit-DB

SAP NetWeaver Message Server - Multiple Vulnerabilities↗2013-02-17

▶

📋Vendor Advisories

Ubuntu

FreeType vulnerabilities↗2012-03-23

▶

Red Hat

freetype: NULL dereference in the SHZ instruction implementation in TTF BCI (#35601)↗2012-02-23

▶

Debian

CVE-2012-1128: freetype - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other...↗2012

▶

💬Community

Bugzilla

CVE-2012-{1126,1127,1128,1130,1131,1132,1133,1134,1135,1136,1137,1138,1139,1140,1141,1142,1143,1144} freetype: multiple vulnerabilities [fedora-all]↗2012-03-23

▶

Bugzilla

CVE-2012-1128 freetype: NULL dereference in the SHZ instruction implementation in TTF BCI (#35601)↗2012-03-06

▶