What is the severity of CVE-2012-1139?

CVE-2012-1139 is classified as a moderate severity vulnerability due to its potential for exploitation through specially crafted BDF font files.

How do I fix CVE-2012-1139?

To address CVE-2012-1139, update FreeType to version 2.4.9 or later, which contains patches for this vulnerability.

What type of vulnerability is CVE-2012-1139?

CVE-2012-1139 is an array index error vulnerability that leads to an out-of-stack buffer read flaw in FreeType.

Which software is affected by CVE-2012-1139?

CVE-2012-1139 affects multiple versions of FreeType, including versions up to 2.4.8 and specific 1.x and 2.0.x versions.

Can CVE-2012-1139 be exploited remotely?

Yes, CVE-2012-1139 can be exploited remotely if a user opens a maliciously crafted BDF font file.

Vulnerability/
CVE-2012-1139

critical

9.3

CWE

119

6/3/2012

25/4/2012

11/5/2023

CVE-2012-1139: Buffer Overflow

First published: Tue Mar 06 2012(Updated: )

An array index error, leading to out-of stack-based buffer read flaw was found in the way FreeType font rendering engine processed certain glyph information for glyph bitmap distribution format (BDF) font files. A remote attacker could provide a specially-crafted BDF font file, which once opened in an application linked against FreeType would lead to that application crash. Upstream bug report: [1] <a href="https://savannah.nongnu.org/bugs/?35656">https://savannah.nongnu.org/bugs/?35656</a> Upstream patch: [2] <a href="http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6ac022dc750d95296a6f731b9594f2e751d997fa">http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6ac022dc750d95296a6f731b9594f2e751d997fa</a> Acknowledgements: Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
FreeType	<=2.4.8
FreeType	=1.3.1
FreeType	=2.0.0
FreeType	=2.0.1
FreeType	=2.0.2
FreeType	=2.0.3
FreeType	=2.0.4
FreeType	=2.0.5
FreeType	=2.0.6
FreeType	=2.0.7
FreeType	=2.0.8
FreeType	=2.0.9
FreeType	=2.1
FreeType	=2.1.3
FreeType	=2.1.4
FreeType	=2.1.5
FreeType	=2.1.6
FreeType	=2.1.7
FreeType	=2.1.8
FreeType	=2.1.8-rc1
FreeType	=2.1.9
FreeType	=2.1.10
FreeType	=2.2.0
FreeType	=2.2.1
FreeType	=2.3.0
FreeType	=2.3.1
FreeType	=2.3.2
FreeType	=2.3.3
FreeType	=2.3.4
FreeType	=2.3.5
FreeType	=2.3.6
FreeType	=2.3.7
FreeType	=2.3.8
FreeType	=2.3.9
FreeType	=2.3.10
FreeType	=2.3.11
FreeType	=2.3.12
FreeType	=2.4.0
FreeType	=2.4.1
FreeType	=2.4.2
FreeType	=2.4.3
FreeType	=2.4.4
FreeType	=2.4.5
FreeType	=2.4.6
FreeType	=2.4.7
Mozilla Firefox	<=10.0.3
Mozilla Firefox	=1.0
Mozilla Firefox	=4.0
Mozilla Firefox	=4.0-beta1
Mozilla Firefox	=4.0-beta2
Mozilla Firefox	=4.0-beta3
Mozilla Firefox	=4.0-beta4
Mozilla Firefox	=5.0
Mozilla Firefox	=6.0
Mozilla Firefox	=6.0.1
Mozilla Firefox	=6.0.2
Mozilla Firefox	=7.0
Mozilla Firefox	=8.0
Mozilla Firefox	=9.0
Mozilla Firefox	=10.0
Mozilla Firefox	=10.0.1
Mozilla Firefox	=10.0.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-1139?
CVE-2012-1139 is classified as a moderate severity vulnerability due to its potential for exploitation through specially crafted BDF font files.
How do I fix CVE-2012-1139?
To address CVE-2012-1139, update FreeType to version 2.4.9 or later, which contains patches for this vulnerability.
What type of vulnerability is CVE-2012-1139?
CVE-2012-1139 is an array index error vulnerability that leads to an out-of-stack buffer read flaw in FreeType.
Which software is affected by CVE-2012-1139?
CVE-2012-1139 affects multiple versions of FreeType, including versions up to 2.4.8 and specific 1.x and 2.0.x versions.
Can CVE-2012-1139 be exploited remotely?
Yes, CVE-2012-1139 can be exploited remotely if a user opens a maliciously crafted BDF font file.

collector/redhat-bugzilla
alias/CVE-2012-1139
agent/first-publish-date
agent/last-modified-date
agent/type
agent/severity
agent/weakness
agent/author
agent/references
agent/softwarecombine
agent/description
agent/event
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/freetype
canonical/freetype
version/freetype/2.4.8
version/freetype/1.3.1
version/freetype/2.0.0
version/freetype/2.0.1
version/freetype/2.0.2
version/freetype/2.0.3
version/freetype/2.0.4
version/freetype/2.0.5
version/freetype/2.0.6
version/freetype/2.0.7
version/freetype/2.0.8
version/freetype/2.0.9
version/freetype/2.1
version/freetype/2.1.3
version/freetype/2.1.4
version/freetype/2.1.5
version/freetype/2.1.6
version/freetype/2.1.7
version/freetype/2.1.8
version/freetype/2.1.8-rc1
version/freetype/2.1.9
version/freetype/2.1.10
version/freetype/2.2.0
version/freetype/2.2.1
version/freetype/2.3.0
version/freetype/2.3.1
version/freetype/2.3.2
version/freetype/2.3.3
version/freetype/2.3.4
version/freetype/2.3.5
version/freetype/2.3.6
version/freetype/2.3.7
version/freetype/2.3.8
version/freetype/2.3.9
version/freetype/2.3.10
version/freetype/2.3.11
version/freetype/2.3.12
version/freetype/2.4.0
version/freetype/2.4.1
version/freetype/2.4.2
version/freetype/2.4.3
version/freetype/2.4.4
version/freetype/2.4.5
version/freetype/2.4.6
version/freetype/2.4.7
vendor/mozilla
canonical/mozilla firefox
version/mozilla firefox/10.0.3
version/mozilla firefox/1.0
version/mozilla firefox/4.0
version/mozilla firefox/4.0-beta1
version/mozilla firefox/4.0-beta2
version/mozilla firefox/4.0-beta3
version/mozilla firefox/4.0-beta4
version/mozilla firefox/5.0
version/mozilla firefox/6.0
version/mozilla firefox/6.0.1
version/mozilla firefox/6.0.2
version/mozilla firefox/7.0
version/mozilla firefox/8.0
version/mozilla firefox/9.0
version/mozilla firefox/10.0
version/mozilla firefox/10.0.1
version/mozilla firefox/10.0.2