CVE-2012-1132
Published: 7 March 2012
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font.
Notes
Author | Note |
---|---|
tyhicks | Original fix caused regressions. Bugs and fixes linked below. |
Priority
Status
Package | Release | Status |
---|---|---|
freetype (Launchpad, Ubuntu, Debian) | hardy | Released (2.3.5-1ubuntu4.8.04.9) |
freetype | lucid | Released (2.3.11-1ubuntu2.6) |
freetype | maverick | Released (2.4.2-2ubuntu0.4) |
freetype | natty | Released (2.4.4-1ubuntu2.3) |
freetype | oneiric | Released (2.4.4-2ubuntu1.2) |
freetype | upstream | Released (2.4.9) |
Patches:
upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=58cbc465d2ccd904dee755cff791fbb3a866646d
upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9a55cb7a71286154cb62e947ed1c183450a8004d
upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b43e0f4413b2aafb88be8cb3fb7aaa84ac0b9102