Denial of Service Vulnerability in FreeType Affects Mozilla Firefox Mobile and Other Products
CVE-2012-1129

Currently unrated

Key Information:

Vendor: FreeType

CVE Published: 25 April 2012

What is CVE-2012-1129?

The FreeType library, prior to version 2.4.9, contains a vulnerability that can be exploited to cause a denial of service. This occurs due to an invalid heap read operation and potential memory corruption when processing specially crafted SFNT strings in Type 42 fonts. Attackers exploiting this vulnerability could disrupt normal application operations, potentially leading to arbitrary code execution in vulnerable installations of Mozilla Firefox Mobile and similar products.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
