CVE-2012-5669

Published: 31 December 2012

The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.

Priority

Status

Package	Release	Status
freetype Launchpad, Ubuntu, Debian	hardy	Released (2.3.5-1ubuntu4.8.04.10)
	lucid	Released (2.3.11-1ubuntu2.7)
	oneiric	Released (2.4.4-2ubuntu1.3)
	precise	Released (2.4.8-1ubuntu2.1)
	quantal	Released (2.4.10-0ubuntu1.1)
	upstream	Released (2.4.11)
	Patches: upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d

References

https://ubuntu.com/security/notices/USN-1686-1
https://www.cve.org/CVERecord?id=CVE-2012-5669
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696691
https://savannah.nongnu.org/bugs/?37906

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›