Array Index Error in FreeType Affects Mozilla Firefox Mobile and Other Products
CVE-2012-1139

Currently unrated

Key Information:

Vendor: Freetype
Status: Freetype; Firefox Mobile
Vendor: CVE Published:; 25 April 2012

What is CVE-2012-1139?

The vulnerability arises from an array index error in FreeType, which is implemented in Mozilla Firefox Mobile versions prior to 10.0.4 and other products. Attackers can exploit this flaw by manipulating glyph data in BDF fonts, potentially leading to denial of service or executing arbitrary code due to invalid stack read operations and memory corruption.

References

http://secunia.com/advisories/48797

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/48508

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/48822

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 25, 2012
Vulnerability Reserved
Feb 14, 2012

Freetype

What is CVE-2012-1139?

References

Timeline