Memory Corruption Vulnerability in FreeType Used by Mozilla Firefox Mobile
CVE-2012-1133

Currently unrated

Key Information:

Vendor: Freetype
Status: Freetype; Firefox Mobile
Vendor: CVE Published:; 25 April 2012

What is CVE-2012-1133?

The FreeType library, prior to version 2.4.9, exposes applications like Mozilla Firefox Mobile to serious risks, enabling remote attackers to execute malicious payloads. By sending specially crafted glyphs or bitmap data in a BDF font, attackers can trigger an invalid heap write operation that could lead to memory corruption and potentially allow arbitrary code execution, compromising the integrity and security of the affected systems.

References

http://secunia.com/advisories/48797

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/48300

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/48508

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 25, 2012
Vulnerability Reserved
Feb 14, 2012

Freetype

What is CVE-2012-1133?

References

Timeline