Denial of Service Vulnerability in FreeType Software Used by Mozilla Firefox Mobile
CVE-2012-1136
Currently unrated
What is CVE-2012-1136?
FreeType versions before 2.4.9 contain a vulnerability that allows an attacker to cause a denial of service or potentially execute arbitrary code. The flaw is triggered by crafted glyph or bitmap data in a BDF font, particularly when the ENCODING field is missing. Processing such a font can lead to invalid heap write operations and memory corruption, which exposes software that uses an affected FreeType version, particularly in mobile environments such as Mozilla Firefox Mobile, to significant security risk.
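An added example, not FreeType's code or its fix: a pre-screening check in C that counts BDF glyph records (STARTCHAR to ENDCHAR) whose BBX or BITMAP line is reached before any ENCODING line, the malformed layout described above. The function name and the sample glyph records are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if the line starts with keyword kw followed by a space or line end. */
static int is_kw(const char *line, const char *kw) {
    size_t n = strlen(kw);
    return strncmp(line, kw, n) == 0 &&
           (line[n] == ' ' || line[n] == '\n' || line[n] == '\r' || line[n] == '\0');
}

/* Count glyph records whose BBX or BITMAP keyword appears before any
   ENCODING keyword. Each record is counted at most once. (Hypothetical
   helper name; a result of 0 means no record matched this pattern.) */
int bdf_glyphs_without_encoding(const char *text) {
    int in_glyph = 0, has_encoding = 0, flagged = 0, bad = 0;
    const char *line = text;
    while (*line) {
        if (is_kw(line, "STARTCHAR")) {
            in_glyph = 1; has_encoding = 0; flagged = 0;   /* new record */
        } else if (in_glyph && is_kw(line, "ENCODING")) {
            has_encoding = 1;
        } else if (in_glyph && !has_encoding && !flagged &&
                   (is_kw(line, "BBX") || is_kw(line, "BITMAP"))) {
            flagged = 1; bad++;            /* glyph data with no ENCODING yet */
        } else if (is_kw(line, "ENDCHAR")) {
            in_glyph = 0;
        }
        const char *nl = strchr(line, '\n');
        if (!nl) break;                    /* last line had no newline */
        line = nl + 1;
    }
    return bad;
}

/* Constructed glyph records (not a complete font): the second omits ENCODING. */
static const char SAMPLE[] =
    "STARTCHAR A\nENCODING 65\nSWIDTH 500 0\nDWIDTH 8 0\n"
    "BBX 8 2 0 0\nBITMAP\n18\n24\nENDCHAR\n"
    "STARTCHAR B\nSWIDTH 500 0\nDWIDTH 8 0\n"
    "BBX 8 2 0 0\nBITMAP\n7C\n42\nENDCHAR\n";

int main(void) {
    printf("glyph records flagged: %d\n", bdf_glyphs_without_encoding(SAMPLE));
    return 0;
}
```

A check like this can reject or quarantine untrusted BDF files before they reach a font parser; it does not replace upgrading FreeType to 2.4.9 or later.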