Denial of Service Vulnerability in FreeType Used by Mozilla Firefox Mobile
CVE-2012-1135

Currently unrated

Key Information:

Vendor: Freetype
Status: Freetype; Firefox Mobile
Vendor: CVE Published:; 25 April 2012

What is CVE-2012-1135?

FreeType, prior to version 2.4.9, which is utilized in multiple products including Mozilla Firefox Mobile before version 10.0.4, is susceptible to a vulnerability that can be exploited by attackers to induce a denial of service. This can happen through invalid read operations on the heap and can lead to memory corruption. Attackers can leverage this vulnerability through crafted TrueType fonts, particularly using NPUSHB and NPUSHW instructions, potentially allowing them to execute arbitrary code on the affected systems.

References

http://secunia.com/advisories/48797

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/48508

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/48822

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 25, 2012
Vulnerability Reserved
Feb 14, 2012

Freetype

What is CVE-2012-1135?

References

Timeline