Denial of Service Vulnerability in FreeType Font Rendering
CVE-2012-5670

Currently unrated

Key Information:

Vendor: Freetype
Status: Freetype
Vendor: CVE Published:; 24 January 2013

Summary

The _bdf_parse_glyphs function in FreeType versions prior to 2.4.11 is vulnerable to a Denial of Service attack, which can be exploited by context-dependent attackers. The vulnerability is triggered through specific vectors involving BDF fonts where the ENCODING field contains a negative value. This misconfiguration may lead to an out-of-bounds write and ultimately crash the application, posing significant risks to systems reliant on this font-rendering library.

References

http://www.securitytracker.com/id?1027921

vdb-entryx_refsource_SECTRACK

http://www.freetype.org/

x_refsource_CONFIRM

http://www.ubuntu.com/usn/USN-1686-1

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability published
Jan 24, 2013
Vulnerability Reserved
Oct 24, 2012