Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2012-21
HistoryApr 24, 2012 - 12:00 a.m.

Multiple security flaws fixed in FreeType v2.4.9 — Mozilla

2012-04-2400:00:00
Mozilla Foundation
www.mozilla.org
19

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.246 Low

EPSS

Percentile

96.6%

JSON

Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected.

CPENameOperatorVersion
firefox mobilelt10.0.4

References

Related

openvas 29
suse 6
nessus 17
ubuntu 1
gentoo 1
freebsd 2
oraclelinux 1
centos 1
redhat 1
debian 1
securityvulns 5
amazon 1
slackware 1
prion 19
debiancve 19
cve 19
ubuntucve 19
veracode 14
openvas
openvas
Ubuntu Update for freetype USN-1403-1
2012-03-26 00:00:00
Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)
2012-08-03 00:00:00
Ubuntu: Security Advisory (USN-1403-1)
2012-03-26 00:00:00
suse
suse
Security update for freetype2 (important)
2012-04-11 21:08:19
freetype2 update (important)
2012-04-12 10:09:06
Security update for freetype2 (important)
2012-04-11 20:08:18
nessus
nessus
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : freetype vulnerabilities (USN-1403-1)
2012-03-23 00:00:00
FreeBSD : freetype -- multiple vulnerabilities (462e2d6c-8017-11e1-a571-bcaec565249c)
2012-04-09 00:00:00
SuSE 11.1 Security Update : freetype2 (SAT Patch Number 6052)
2012-04-12 00:00:00
ubuntu
ubuntu
FreeType vulnerabilities
2012-03-23 00:00:00
gentoo
gentoo
FreeType: Multiple vulnerabilities
2012-04-17 00:00:00
freebsd
freebsd
freetype -- multiple vulnerabilities
2012-03-08 00:00:00
mozilla -- multiple vulnerabilities
2012-04-24 00:00:00
oraclelinux
oraclelinux
freetype security update
2012-04-10 00:00:00
centos
centos
freetype security update
2012-04-10 21:09:43
redhat
redhat
(RHSA-2012:0467) Important: freetype security update
2012-04-10 00:00:00
debian
debian
[SECURITY] [DSA 2428-1] freetype security update
2012-03-08 20:48:00
securityvulns
securityvulns
FreeType multiple security vulnerabilitiles
2012-03-09 00:00:00
[SECURITY] [DSA 2428-1] freetype security update
2012-03-09 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-05-09 00:00:00
amazon
amazon
Important: freetype
2012-04-30 14:46:00
slackware
slackware
[slackware-security] freetype
2012-06-25 15:27:37
prion
prion
Memory corruption
2012-04-25 10:10:00
Memory corruption
2012-04-25 10:10:00
Heap overflow
2012-04-25 10:10:00
debiancve
debiancve
CVE-2012-1135
2012-04-25 10:10:00
CVE-2012-1140
2012-04-25 10:10:00
CVE-2012-1144
2012-04-25 10:10:00
cve
cve
CVE-2012-1144
2012-04-25 10:10:00
CVE-2012-1134
2012-04-25 10:10:00
CVE-2012-1131
2012-04-25 10:10:00
ubuntucve
ubuntucve
CVE-2012-1137
2012-03-07 00:00:00
CVE-2012-1136
2012-03-07 00:00:00
CVE-2012-1132
2012-03-07 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:09:33
Arbitrary Code Execution
2020-04-10 01:09:35
Arbitrary Code Execution
2020-04-10 01:09:33

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.246 Low

EPSS

Percentile

96.6%

JSON
Related for MFSA2012-21
openvas29suse6nessus17ubuntu1gentoo1freebsd2oraclelinux1centos1redhat1debian1securityvulns5amazon1slackware1prion19debiancve19cve19ubuntucve19veracode14