Denial of Service Vulnerability in FreeType Font Engine
CVE-2012-5668

Currently unrated

Key Information:

Vendor: Freetype
Status: Freetype
Vendor: CVE Published:; 24 January 2013

What is CVE-2012-5668?

The FreeType Font Engine prior to version 2.4.11 is susceptible to a denial of service, resulting from context-dependent attacks. The vulnerability arises when specific BDF fonts are processed, allowing attackers to exploit improper handling of an allocation error in the bdf_free_font function, leading to a NULL pointer dereference and application crash.

References

http://www.securitytracker.com/id?1027921

vdb-entryx_refsource_SECTRACK

http://www.freetype.org/

x_refsource_CONFIRM

https://savannah.nongnu.org/bugs/?37905

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2013
Vulnerability Reserved
Oct 24, 2012

Freetype

What is CVE-2012-5668?

References

Timeline