FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-1137

This CVE name corresponds to:

Entered Topic
2012-04-24 mozilla -- multiple vulnerabilities
2012-04-06 freetype -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2012-1137
Phase: Assigned (20120214)

Description

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font.

References

Source Reference
MLIST [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9
CONFIRM http://www.mozilla.org/security/announce/2012/mfsa2012-21.html
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=733512
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=800595
CONFIRM http://support.apple.com/kb/HT5503
APPLE APPLE-SA-2012-09-19-1
GENTOO GLSA-201204-04
REDHAT RHSA-2012:0467
SUSE SUSE-SU-2012:0483
SECUNIA 48758
SECUNIA 48951
SECUNIA 48822
SECUNIA 48973
SECUNIA 48797