Lucene search

[email protected]CVE-2012-1130

HistoryApr 25, 2012 - 10:10 a.m.

CVE-2012-1130

2012-04-2510:10:18

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-1130

freetype

mozilla firefox mobile

denial of service

remote attackers

memory corruption

pcf font

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.052 Low

EPSS

Percentile

93.1%

JSON

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font.

Affected configurations

NVD

Node

freetypefreetypeRange≤2.4.8

freetypefreetypeMatch1.3.1

freetypefreetypeMatch2.0.0

freetypefreetypeMatch2.0.1

freetypefreetypeMatch2.0.2

freetypefreetypeMatch2.0.3

freetypefreetypeMatch2.0.4

freetypefreetypeMatch2.0.5

freetypefreetypeMatch2.0.6

freetypefreetypeMatch2.0.7

freetypefreetypeMatch2.0.8

freetypefreetypeMatch2.0.9

freetypefreetypeMatch2.1

freetypefreetypeMatch2.1.3

freetypefreetypeMatch2.1.4

freetypefreetypeMatch2.1.5

freetypefreetypeMatch2.1.6

freetypefreetypeMatch2.1.7

freetypefreetypeMatch2.1.8

freetypefreetypeMatch2.1.8rc1

freetypefreetypeMatch2.1.9

freetypefreetypeMatch2.1.10

freetypefreetypeMatch2.2.0

freetypefreetypeMatch2.2.1

freetypefreetypeMatch2.3.0

freetypefreetypeMatch2.3.1

freetypefreetypeMatch2.3.2

freetypefreetypeMatch2.3.3

freetypefreetypeMatch2.3.4

freetypefreetypeMatch2.3.5

freetypefreetypeMatch2.3.6

freetypefreetypeMatch2.3.7

freetypefreetypeMatch2.3.8

freetypefreetypeMatch2.3.9

freetypefreetypeMatch2.3.10

freetypefreetypeMatch2.3.11

freetypefreetypeMatch2.3.12

freetypefreetypeMatch2.4.0

freetypefreetypeMatch2.4.1

freetypefreetypeMatch2.4.2

freetypefreetypeMatch2.4.3

freetypefreetypeMatch2.4.4

freetypefreetypeMatch2.4.5

freetypefreetypeMatch2.4.6

freetypefreetypeMatch2.4.7

mozillafirefox_mobileRange≤10.0.3

mozillafirefox_mobileMatch1.0

mozillafirefox_mobileMatch4.0

mozillafirefox_mobileMatch4.0beta1

mozillafirefox_mobileMatch4.0beta2

mozillafirefox_mobileMatch4.0beta3

mozillafirefox_mobileMatch4.0beta4

mozillafirefox_mobileMatch5.0

mozillafirefox_mobileMatch6.0

mozillafirefox_mobileMatch6.0.1

mozillafirefox_mobileMatch6.0.2

mozillafirefox_mobileMatch7.0

mozillafirefox_mobileMatch8.0

mozillafirefox_mobileMatch9.0

mozillafirefox_mobileMatch10.0

mozillafirefox_mobileMatch10.0.1

mozillafirefox_mobileMatch10.0.2

CPENameOperatorVersion
freetype:freetypefreetypele2.4.8
freetype:freetypefreetypeeq1.3.1
freetype:freetypefreetypeeq2.0.0
freetype:freetypefreetypeeq2.0.1
freetype:freetypefreetypeeq2.0.2
freetype:freetypefreetypeeq2.0.3
freetype:freetypefreetypeeq2.0.4
freetype:freetypefreetypeeq2.0.5
freetype:freetypefreetypeeq2.0.6
freetype:freetypefreetypeeq2.0.7

CPE	Name	Operator	Version
freetype:freetype	freetype	le	2.4.8
freetype:freetype	freetype	eq	1.3.1
freetype:freetype	freetype	eq	2.0.0
freetype:freetype	freetype	eq	2.0.1
freetype:freetype	freetype	eq	2.0.2
freetype:freetype	freetype	eq	2.0.3
freetype:freetype	freetype	eq	2.0.4
freetype:freetype	freetype	eq	2.0.5
freetype:freetype	freetype	eq	2.0.6
freetype:freetype	freetype	eq	2.0.7