Memory Corruption in FreeType Affects Mozilla Products
CVE-2012-1141

Currently unrated

Key Information:

Vendor: Freetype
Status: Freetype; Firefox Mobile
Vendor: CVE Published:; 25 April 2012

What is CVE-2012-1141?

The FreeType library, utilized in various products including Mozilla Firefox Mobile, is susceptible to a memory corruption vulnerability that can be triggered when a crafted ASCII string in a BDF font is processed. This flaw can lead to unexpected behavior, including a denial-of-service condition due to invalid heap read operations. Attackers can exploit this vulnerability to potentially execute arbitrary code remotely, posing significant risks to users and their devices.

References

http://secunia.com/advisories/48797

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/48508

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/48822

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2012
Vulnerability Reserved
Feb 14, 2012

Freetype

What is CVE-2012-1141?

References

Timeline