CVE-2012-1126

Summary

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font.

Impact & exploitability

AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected products we track (1)

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information

• NVD record
• http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html
• http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html
• http://rhn.redhat.com/errata/RHSA-2012-0467.html
• http://secunia.com/advisories/48508
• http://secunia.com/advisories/48758