Denial of service vulnerability in FreeType product by FreeType
CVE-2012-5669
Currently unrated
Summary
The _bdf_parse_glyphs function in FreeType before version 2.4.11 is vulnerable to denial of service. A crafted BDF font file can trigger an out-of-bounds read, which can crash the application and, under certain conditions, may allow an attacker to execute arbitrary code. Users of FreeType should update to a fixed version (2.4.11 or later) to mitigate this vulnerability.