CVE-2012-4190 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

8.5%

top 7.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Cyanogenmod

Timeline

PublishedOct 12

Latest updateMay 17

Description

The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/firefox16.0+151

▶NVDcyanogenmod/cyanogenmod10

🔴Vulnerability Details

GHSA

GHSA-vp62-hh5v-fxcw: The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16↗2022-05-17

▶

📋Vendor Advisories

Red Hat

freetype: memory corruption and application crash (reported against firefox on android)↗2012-10-11

▶

💬Community

Bugzilla

CVE-2012-4190 freetype: memory corruption and application crash (reported against firefox on android)↗2012-11-02

▶