Computer Security
[EN] securityvulns.ru no-pyccku


FreeType multiple security vulnerabilitiles
Published:09.03.2012
Source:
SecurityVulns ID:12220
Type:library
Threat Level:
6/10
Description:Multiple vulnerabilities on font files parsing .
Affected:FREETYPE : FreeType 2.4
CVE:CVE-2012-1144 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.)
 CVE-2012-1142 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font.)
 CVE-2012-1136 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field.)
 CVE-2012-1134 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font.)
 CVE-2012-1133 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2428-1] freetype security update (09.03.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod