Denial of Service Vulnerability in FreeType Font Rendering
CVE-2012-5670

Currently unrated

Key Information:

Vendor

Freetype

Status
Freetype
Vendor
CVE Published:
24 January 2013

What is CVE-2012-5670?

The _bdf_parse_glyphs function in FreeType versions prior to 2.4.11 is vulnerable to a Denial of Service attack, which can be exploited by context-dependent attackers. The vulnerability is triggered through specific vectors involving BDF fonts where the ENCODING field contains a negative value. This misconfiguration may lead to an out-of-bounds write and ultimately crash the application, posing significant risks to systems reliant on this font-rendering library.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securitytracker.com/id?1027921
vdb-entryx_refsource_SECTRACK
http://www.freetype.org/
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1686-1
vendor-advisoryx_refsource_UBUNTU

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.