Lucene search

[email protected]NVD:CVE-2012-5670

HistoryJan 24, 2013 - 9:55 p.m.

CVE-2012-5670

2013-01-2421:55:01

CWE-119

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.5%

JSON

The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.

Affected configurations

NVD

Node

freetypefreetypeRange≤2.4.10

freetypefreetypeMatch1.3.1

freetypefreetypeMatch2.0.0

freetypefreetypeMatch2.0.1

freetypefreetypeMatch2.0.2

freetypefreetypeMatch2.0.3

freetypefreetypeMatch2.0.4

freetypefreetypeMatch2.0.5

freetypefreetypeMatch2.0.6

freetypefreetypeMatch2.0.7

freetypefreetypeMatch2.0.8

freetypefreetypeMatch2.0.9

freetypefreetypeMatch2.1

freetypefreetypeMatch2.1.3

freetypefreetypeMatch2.1.4

freetypefreetypeMatch2.1.5

freetypefreetypeMatch2.1.6

freetypefreetypeMatch2.1.7

freetypefreetypeMatch2.1.8

freetypefreetypeMatch2.1.8rc1

freetypefreetypeMatch2.1.9

freetypefreetypeMatch2.1.10

freetypefreetypeMatch2.2.0

freetypefreetypeMatch2.2.1

freetypefreetypeMatch2.3.0

freetypefreetypeMatch2.3.1

freetypefreetypeMatch2.3.2

freetypefreetypeMatch2.3.3

freetypefreetypeMatch2.3.4

freetypefreetypeMatch2.3.5

freetypefreetypeMatch2.3.6

freetypefreetypeMatch2.3.7

freetypefreetypeMatch2.3.8

freetypefreetypeMatch2.3.9

freetypefreetypeMatch2.3.10

freetypefreetypeMatch2.3.11

freetypefreetypeMatch2.3.12

freetypefreetypeMatch2.4.0

freetypefreetypeMatch2.4.1

freetypefreetypeMatch2.4.2

freetypefreetypeMatch2.4.3

freetypefreetypeMatch2.4.4

freetypefreetypeMatch2.4.5

freetypefreetypeMatch2.4.6

freetypefreetypeMatch2.4.7

freetypefreetypeMatch2.4.8

freetypefreetypeMatch2.4.9

References

git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7f2e4f4f553f6836be7683f66226afac3fa979b8

lists.opensuse.org/opensuse-updates/2013-01/msg00056.html

lists.opensuse.org/opensuse-updates/2013-01/msg00078.html

secunia.com/advisories/51826

secunia.com/advisories/51900

www.freetype.org/

www.openwall.com/lists/oss-security/2012/12/25/2

www.securitytracker.com/id?1027921

www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.520186

www.ubuntu.com/usn/USN-1686-1

savannah.nongnu.org/bugs/?37907

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.5%

JSON

Related for NVD:CVE-2012-5670

ubuntucve1 debiancve1 prion1 cve1 cvelist1 slackware1 debian1 securityvulns2 nessus6 gentoo1 openvas4 ubuntu1