Denial of Service and Memory Corruption in FreeType Used by Mozilla Firefox Mobile
CVE-2012-1126

Currently unrated

Key Information:

Vendor: Freetype
Status: Freetype; Firefox Mobile
Vendor: CVE Published:; 25 April 2012

What is CVE-2012-1126?

The vulnerability in FreeType affects versions prior to 2.4.9, utilized in Mozilla Firefox Mobile before 10.0.4. This flaw could allow remote attackers to exploit crafted property data in BDF fonts, leading to an invalid heap read operation. Such exploitation might result in memory corruption, which can cause denial of service or potentially allow the execution of arbitrary code.

References

http://secunia.com/advisories/48797

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/48508

third-party-advisoryx_refsource_SECUNIA

https://bugzilla.redhat.com/show_bug.cgi?id=800581

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 25, 2012
Vulnerability Reserved
Feb 14, 2012

Freetype

What is CVE-2012-1126?

References

Timeline