CVE-2012-1144

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:4.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:4.0:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:4.0:beta4:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:5.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:6.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:7.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:8.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:9.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:10.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_mobile:10.0.2:*:*:*:*:*:*:*

History

13 Feb 2023, 04:33

Type Values Removed Values Added
Summary CVE-2012-1144 freetype: insufficient checking of first outline point in TTF parser (#35689) FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2012:0467', 'name': 'https://access.redhat.com/errata/RHSA-2012:0467', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2012-1144', 'name': 'https://access.redhat.com/security/cve/CVE-2012-1144', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 18:15

Type Values Removed Values Added
Summary FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font. CVE-2012-1144 freetype: insufficient checking of first outline point in TTF parser (#35689)
References
  • (MISC) https://access.redhat.com/errata/RHSA-2012:0467 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2012-1144 -

26 Jan 2021, 12:43

Type Values Removed Values Added
CPE cpe:2.3:a:freetype:freetype:2.2:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.8_rc1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.0:*:*:*:*:*:*:*

Information

Published : 2012-04-25 10:10

Updated : 2023-12-10 11:16


NVD link : CVE-2012-1144

Mitre link : CVE-2012-1144

CVE.ORG link : CVE-2012-1144


JSON object : View

Products Affected

mozilla

  • firefox_mobile

freetype

  • freetype
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer