Memory Corruption and Denial of Service in FreeType Used by Mozilla Firefox Mobile
CVE-2012-1142

Currently unrated

Key Information:

Vendor: Freetype
Status: Freetype; Firefox Mobile
Vendor: CVE Published:; 25 April 2012

What is CVE-2012-1142?

The FreeType library before version 2.4.9, utilized in Mozilla Firefox Mobile prior to version 10.0.4 and other software, is prone to a vulnerability that may enable remote attackers to execute arbitrary code or cause a denial of service. This occurs through the manipulation of crafted glyph outline data in fonts, potentially leading to invalid heap write operations and memory corruption, posing significant risks to user security.

References

http://secunia.com/advisories/48797

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/48300

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/48508

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 25, 2012
Vulnerability Reserved
Feb 14, 2012

Freetype

What is CVE-2012-1142?

References

Timeline