CVE-2012-1140

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:4.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:4.0:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:4.0:beta4:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:5.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:6.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:7.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:8.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:9.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:10.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:10.0.2:*:*:*:*:*:*:*

History

13 Feb 2023, 04:33

Type Values Removed Values Added
Summary CVE-2012-1140 freetype: multiple buffer over-read in PS parser conversion functions (#35657) FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object.
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2012:0467', 'name': 'https://access.redhat.com/errata/RHSA-2012:0467', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2012-1140', 'name': 'https://access.redhat.com/security/cve/CVE-2012-1140', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 15:15

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/errata/RHSA-2012:0467 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2012-1140 -
Summary FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object. CVE-2012-1140 freetype: multiple buffer over-read in PS parser conversion functions (#35657)

26 Jan 2021, 12:43

Type Values Removed Values Added
CPE cpe:2.3:a:freetype:freetype:2.2:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.8_rc1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.0:*:*:*:*:*:*:*

Information

Published : 2012-04-25 10:10

Updated : 2023-12-10 11:16


NVD link : CVE-2012-1140

Mitre link : CVE-2012-1140

CVE.ORG link : CVE-2012-1140


JSON object : View

Products Affected

mozilla

  • firefox_mobile

freetype

  • freetype
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer