Memory Corruption Vulnerability in FreeType Affecting Mozilla Products
CVE-2012-1144

Currently unrated

Key Information:

Vendor: Freetype
Status: Freetype; Firefox Mobile
Vendor: CVE Published:; 25 April 2012

What is CVE-2012-1144?

FreeType versions before 2.4.9, utilized in Mozilla Firefox Mobile before 10.0.4, is susceptible to a vulnerability that allows remote attackers to perform a denial of service through an invalid heap write operation. This flaw can potentially lead to memory corruption and may allow the execution of arbitrary code via specially crafted TrueType fonts, presenting significant security risks for users.

References

http://secunia.com/advisories/48300

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/48508

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/48822

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2012
Vulnerability Reserved
Feb 14, 2012

Freetype

What is CVE-2012-1144?

References

Timeline