Remote Code Execution and Denial of Service Vulnerability in FreeType Used by Mozilla Firefox Mobile
CVE-2012-1134
Currently unrated
What is CVE-2012-1134?
FreeType versions prior to 2.4.9, as used in Mozilla Firefox Mobile versions before 10.0.4, contain a memory corruption vulnerability in the handling of Type 1 fonts. By supplying a Type 1 font with specially crafted private dictionary data, an attacker may trigger memory corruption that leads to denial of service or even arbitrary code execution. This highlights the importance of timely updates and patching in mitigating risks associated with font handling in applications.
EPSS Score
5% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved