What is the severity of CVE-2012-1133?

The severity of CVE-2012-1133 is rated as medium due to the potential for remote code execution when processing malicious BDF font files.

How do I fix CVE-2012-1133?

To fix CVE-2012-1133, update FreeType to version 2.4.9 or later, or apply the appropriate patches provided by your vendor.

What versions of FreeType are affected by CVE-2012-1133?

CVE-2012-1133 affects FreeType versions up to and including 2.4.8, as well as version 1.3.1 and specific older versions.

How can CVE-2012-1133 be exploited?

CVE-2012-1133 can be exploited by an attacker sending a specially-crafted BDF font file to a victim's system, leading to potential code execution.

Which applications are vulnerable because of CVE-2012-1133?

Applications that use the FreeType library for font rendering, especially those with outdated versions, are vulnerable due to CVE-2012-1133.

Vulnerability/
CVE-2012-1133

critical

9.3

CWE

119

6/3/2012

25/4/2012

11/5/2023

CVE-2012-1133: Buffer Overflow

First published: Tue Mar 06 2012(Updated: )

An out-of heap-based buffer write flaw was found in the way FreeType font rendering engine performed parsing of glyph information and bitmaps for certain glyph bitmap distribution format (BDF) fonts. A remote attacker could provide a specially-crafted BDF font file, which once opened in an application linked against FreeType would lead to that application crash, or, potentially, arbitrary code execution with the privileges of the user running the application. Upstream bug report: [1] <a href="https://savannah.nongnu.org/bugs/?35607">https://savannah.nongnu.org/bugs/?35607</a> Upstream patch: [2] <a href="http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=28dd2c45957278e962f95633157b6139de8170aa">http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=28dd2c45957278e962f95633157b6139de8170aa</a> Acknowledgements: Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
FreeType	<=2.4.8
FreeType	=1.3.1
FreeType	=2.0.0
FreeType	=2.0.1
FreeType	=2.0.2
FreeType	=2.0.3
FreeType	=2.0.4
FreeType	=2.0.5
FreeType	=2.0.6
FreeType	=2.0.7
FreeType	=2.0.8
FreeType	=2.0.9
FreeType	=2.1
FreeType	=2.1.3
FreeType	=2.1.4
FreeType	=2.1.5
FreeType	=2.1.6
FreeType	=2.1.7
FreeType	=2.1.8
FreeType	=2.1.8-rc1
FreeType	=2.1.9
FreeType	=2.1.10
FreeType	=2.2.0
FreeType	=2.2.1
FreeType	=2.3.0
FreeType	=2.3.1
FreeType	=2.3.2
FreeType	=2.3.3
FreeType	=2.3.4
FreeType	=2.3.5
FreeType	=2.3.6
FreeType	=2.3.7
FreeType	=2.3.8
FreeType	=2.3.9
FreeType	=2.3.10
FreeType	=2.3.11
FreeType	=2.3.12
FreeType	=2.4.0
FreeType	=2.4.1
FreeType	=2.4.2
FreeType	=2.4.3
FreeType	=2.4.4
FreeType	=2.4.5
FreeType	=2.4.6
FreeType	=2.4.7
Mozilla Firefox	<=10.0.3
Mozilla Firefox	=1.0
Mozilla Firefox	=4.0
Mozilla Firefox	=4.0-beta1
Mozilla Firefox	=4.0-beta2
Mozilla Firefox	=4.0-beta3
Mozilla Firefox	=4.0-beta4
Mozilla Firefox	=5.0
Mozilla Firefox	=6.0
Mozilla Firefox	=6.0.1
Mozilla Firefox	=6.0.2
Mozilla Firefox	=7.0
Mozilla Firefox	=8.0
Mozilla Firefox	=9.0
Mozilla Firefox	=10.0
Mozilla Firefox	=10.0.1
Mozilla Firefox	=10.0.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-1133?
The severity of CVE-2012-1133 is rated as medium due to the potential for remote code execution when processing malicious BDF font files.
How do I fix CVE-2012-1133?
To fix CVE-2012-1133, update FreeType to version 2.4.9 or later, or apply the appropriate patches provided by your vendor.
What versions of FreeType are affected by CVE-2012-1133?
CVE-2012-1133 affects FreeType versions up to and including 2.4.8, as well as version 1.3.1 and specific older versions.
How can CVE-2012-1133 be exploited?
CVE-2012-1133 can be exploited by an attacker sending a specially-crafted BDF font file to a victim's system, leading to potential code execution.
Which applications are vulnerable because of CVE-2012-1133?
Applications that use the FreeType library for font rendering, especially those with outdated versions, are vulnerable due to CVE-2012-1133.

collector/redhat-bugzilla
alias/CVE-2012-1133
agent/type
agent/first-publish-date
agent/last-modified-date
agent/severity
agent/weakness
agent/author
agent/references
agent/tags
agent/softwarecombine
agent/description
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/freetype
canonical/freetype
version/freetype/2.4.8
version/freetype/1.3.1
version/freetype/2.0.0
version/freetype/2.0.1
version/freetype/2.0.2
version/freetype/2.0.3
version/freetype/2.0.4
version/freetype/2.0.5
version/freetype/2.0.6
version/freetype/2.0.7
version/freetype/2.0.8
version/freetype/2.0.9
version/freetype/2.1
version/freetype/2.1.3
version/freetype/2.1.4
version/freetype/2.1.5
version/freetype/2.1.6
version/freetype/2.1.7
version/freetype/2.1.8
version/freetype/2.1.8-rc1
version/freetype/2.1.9
version/freetype/2.1.10
version/freetype/2.2.0
version/freetype/2.2.1
version/freetype/2.3.0
version/freetype/2.3.1
version/freetype/2.3.2
version/freetype/2.3.3
version/freetype/2.3.4
version/freetype/2.3.5
version/freetype/2.3.6
version/freetype/2.3.7
version/freetype/2.3.8
version/freetype/2.3.9
version/freetype/2.3.10
version/freetype/2.3.11
version/freetype/2.3.12
version/freetype/2.4.0
version/freetype/2.4.1
version/freetype/2.4.2
version/freetype/2.4.3
version/freetype/2.4.4
version/freetype/2.4.5
version/freetype/2.4.6
version/freetype/2.4.7
vendor/mozilla
canonical/mozilla firefox
version/mozilla firefox/10.0.3
version/mozilla firefox/1.0
version/mozilla firefox/4.0
version/mozilla firefox/4.0-beta1
version/mozilla firefox/4.0-beta2
version/mozilla firefox/4.0-beta3
version/mozilla firefox/4.0-beta4
version/mozilla firefox/5.0
version/mozilla firefox/6.0
version/mozilla firefox/6.0.1
version/mozilla firefox/6.0.2
version/mozilla firefox/7.0
version/mozilla firefox/8.0
version/mozilla firefox/9.0
version/mozilla firefox/10.0
version/mozilla firefox/10.0.1
version/mozilla firefox/10.0.2