Denial of Service Vulnerability in FreeType Affects Mozilla Firefox Mobile
CVE-2012-1140

Currently unrated

Key Information:

Vendor

FreeType

CVE Published:
25 April 2012

What is CVE-2012-1140?

Versions of FreeType before 2.4.9 contain a memory handling flaw that attackers can exploit through Mozilla Firefox Mobile versions prior to 10.0.4. Crafted PostScript font objects trigger invalid heap read operations and memory corruption, which may lead to remote denial of service and enable the execution of arbitrary code. The issue underscores the need for robust font parsing to safeguard against malicious input.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
