CVE-2012-1139

CWE-119 — Buffer Overflow CWE-121 — Stack-based Buffer Overflow CWE-125 — Out-of-bounds Read10 documents8 sources

Severity

9.3CRITICAL

EPSS

3.0%

top 13.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freetype Freetype Mozilla Firefox Mobile

Timeline

PublishedApr 25

Latest updateMay 13

Description

Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox_mobile10.0.3+12

▶Debianfreetype< 2.4.9-1+3

▶NVDfreetype/freetype2.4.8+43

🔴Vulnerability Details

GHSA

GHSA-c8fh-cq7g-679p: Array index error in FreeType before 2↗2022-05-13

▶

OSV

CVE-2012-1139: Array index error in FreeType before 2↗2012-04-25

▶

CVEList

CVE-2012-1139: Array index error in FreeType before 2↗2012-04-25

▶

📋Vendor Advisories

Ubuntu

FreeType vulnerabilities↗2012-03-23

▶

Red Hat

freetype: data buffer underflow in BDF parser _bdf_parse_glyphs() (#35656)↗2012-02-28

▶

Debian

CVE-2012-1139: freetype - Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile be...↗2012

▶

💬Community

Bugzilla

CVE-2012-{1126,1127,1128,1130,1131,1132,1133,1134,1135,1136,1137,1138,1139,1140,1141,1142,1143,1144} freetype: multiple vulnerabilities [fedora-all]↗2012-03-23

▶

Bugzilla

CVE-2012-1139 freetype: data buffer underflow in BDF parser _bdf_parse_glyphs() (#35656)↗2012-03-06

▶