Denial of Service in FreeType Used in Mozilla Firefox Mobile and Other Products
CVE-2012-1127
Currently unrated
What is CVE-2012-1127?
A vulnerability exists in FreeType prior to version 2.4.9, which is incorporated in Mozilla Firefox Mobile versions before 10.0.4. Attackers can exploit this flaw to cause a denial of service through an invalid heap read operation and potential memory corruption. By crafting specific glyph or bitmap data in a BDF font, remote attackers may also be able to execute arbitrary code, thereby compromising the affected systems.