Lucene search

[email protected]NVD:CVE-2012-1137

HistoryApr 25, 2012 - 10:10 a.m.

CVE-2012-1137

2012-04-2510:10:18

CWE-119

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.052 Low

EPSS

Percentile

93.1%

JSON

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font.

Affected configurations

NVD

Node

freetypefreetypeRange≤2.4.8

freetypefreetypeMatch1.3.1

freetypefreetypeMatch2.0.0

freetypefreetypeMatch2.0.1

freetypefreetypeMatch2.0.2

freetypefreetypeMatch2.0.3

freetypefreetypeMatch2.0.4

freetypefreetypeMatch2.0.5

freetypefreetypeMatch2.0.6

freetypefreetypeMatch2.0.7

freetypefreetypeMatch2.0.8

freetypefreetypeMatch2.0.9

freetypefreetypeMatch2.1

freetypefreetypeMatch2.1.3

freetypefreetypeMatch2.1.4

freetypefreetypeMatch2.1.5

freetypefreetypeMatch2.1.6

freetypefreetypeMatch2.1.7

freetypefreetypeMatch2.1.8

freetypefreetypeMatch2.1.8rc1

freetypefreetypeMatch2.1.9

freetypefreetypeMatch2.1.10

freetypefreetypeMatch2.2.0

freetypefreetypeMatch2.2.1

freetypefreetypeMatch2.3.0

freetypefreetypeMatch2.3.1

freetypefreetypeMatch2.3.2

freetypefreetypeMatch2.3.3

freetypefreetypeMatch2.3.4

freetypefreetypeMatch2.3.5

freetypefreetypeMatch2.3.6

freetypefreetypeMatch2.3.7

freetypefreetypeMatch2.3.8

freetypefreetypeMatch2.3.9

freetypefreetypeMatch2.3.10

freetypefreetypeMatch2.3.11

freetypefreetypeMatch2.3.12

freetypefreetypeMatch2.4.0

freetypefreetypeMatch2.4.1

freetypefreetypeMatch2.4.2

freetypefreetypeMatch2.4.3

freetypefreetypeMatch2.4.4

freetypefreetypeMatch2.4.5

freetypefreetypeMatch2.4.6

freetypefreetypeMatch2.4.7

mozillafirefox_mobileRange≤10.0.3

mozillafirefox_mobileMatch1.0

mozillafirefox_mobileMatch4.0

mozillafirefox_mobileMatch4.0beta1

mozillafirefox_mobileMatch4.0beta2

mozillafirefox_mobileMatch4.0beta3

mozillafirefox_mobileMatch4.0beta4

mozillafirefox_mobileMatch5.0

mozillafirefox_mobileMatch6.0

mozillafirefox_mobileMatch6.0.1

mozillafirefox_mobileMatch6.0.2

mozillafirefox_mobileMatch7.0

mozillafirefox_mobileMatch8.0

mozillafirefox_mobileMatch9.0

mozillafirefox_mobileMatch10.0

mozillafirefox_mobileMatch10.0.1

mozillafirefox_mobileMatch10.0.2

References

lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html

lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html

lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html

rhn.redhat.com/errata/RHSA-2012-0467.html

secunia.com/advisories/48508

secunia.com/advisories/48758

secunia.com/advisories/48797

secunia.com/advisories/48822

secunia.com/advisories/48951

secunia.com/advisories/48973

security.gentoo.org/glsa/glsa-201204-04.xml

support.apple.com/kb/HT5503

www.mandriva.com/security/advisories?name=MDVSA-2012:057

www.mozilla.org/security/announce/2012/mfsa2012-21.html

www.openwall.com/lists/oss-security/2012/03/06/16

www.securityfocus.com/bid/52318

www.securitytracker.com/id?1026765

www.ubuntu.com/usn/USN-1403-1

bugzilla.mozilla.org/show_bug.cgi?id=733512

bugzilla.redhat.com/show_bug.cgi?id=800595

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.052 Low

EPSS

Percentile

93.1%

JSON

Related for NVD:CVE-2012-1137

ubuntucve1 cve1 debiancve1 prion1 veracode1 cvelist1 openvas24 nessus15 centos1 oraclelinux1 redhat1 suse5 mozilla1 ubuntu1 freebsd2 gentoo1 securityvulns3