Lucene search
Ubuntu.comUB:CVE-2012-1139HistoryMar 07, 2012 - 12:00 a.m.
CVE-2012-1139
2012-03-0700:00:00
ubuntu.com
ubuntu.com
6
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.052 Low
EPSS
Percentile
93.1%
Array index error in FreeType before 2.4.9, as used in Mozilla Firefox
Mobile before 10.0.4 and other products, allows remote attackers to cause a
denial of service (invalid stack read operation and memory corruption) or
possibly execute arbitrary code via crafted glyph data in a BDF font.
Bugs
- <https://savannah.nongnu.org/bugs/?35656>
- <https://bugzilla.redhat.com/show_bug.cgi?id=800598>
Notes
| Author | Note |
|---|---|
| tyhicks | Reproducer doesn’t trigger under valgrind, code is present |
Related
cve
cve
CVE-2012-1139
2012-04-25 10:10:18
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:09:34
prion
prion
Memory corruption
2012-04-25 10:10:00
debiancve
debiancve
CVE-2012-1139
2012-04-25 10:10:18
cvelist
cvelist
CVE-2012-1139
2012-04-25 10:00:00
nvd
nvd
CVE-2012-1139
2012-04-25 10:10:18
nessus
nessus
Scientific Linux Security Update : freetype on SL5.x, SL6.x i386/x86_64 (20120410)
2012-08-01 00:00:00
CentOS 5 / 6 : freetype (CESA-2012:0467)
2012-04-11 00:00:00
RHEL 5 / 6 : freetype (RHSA-2012:0467)
2012-04-11 00:00:00
redhat
redhat
(RHSA-2012:0467) Important: freetype security update
2012-04-10 00:00:00
openvas
openvas
CentOS Update for freetype CESA-2012:0467 centos6
2012-07-30 00:00:00
RedHat Update for freetype RHSA-2012:0467-01
2012-04-11 00:00:00
RedHat Update for freetype RHSA-2012:0467-01
2012-04-11 00:00:00
oraclelinux
oraclelinux
freetype security update
2012-04-10 00:00:00
centos
centos
freetype security update
2012-04-10 21:09:43
suse
suse
Security update for freetype2 (important)
2012-04-18 18:08:39
Security update for freetype2 (important)
2012-04-11 20:08:18
Security update for freetype2 (important)
2012-04-23 15:08:12
ubuntu
ubuntu
FreeType vulnerabilities
2012-03-23 00:00:00
mozilla
mozilla
Multiple security flaws fixed in FreeType v2.4.9 — Mozilla
2012-04-24 00:00:00
gentoo
gentoo
FreeType: Multiple vulnerabilities
2012-04-17 00:00:00
freebsd
freebsd
freetype -- multiple vulnerabilities
2012-03-08 00:00:00
mozilla -- multiple vulnerabilities
2012-04-24 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-05-09 00:00:00
Apple iOS multiple security vulnerabilities
2012-09-24 00:00:00
APPLE-SA-2012-09-19-1 iOS 6
2012-09-24 00:00:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.052 Low
EPSS
Percentile
93.1%
Related for UB:CVE-2012-1139