What is the severity of CVE-2012-1142?

CVE-2012-1142 is classified with a severity rating that indicates it poses a moderate risk due to the potential for remote exploitation.

How do I fix CVE-2012-1142?

To fix CVE-2012-1142, update the FreeType library to version 2.4.9 or later, as this version addresses the vulnerability.

Who is affected by CVE-2012-1142?

CVE-2012-1142 affects various versions of FreeType prior to 2.4.9, as well as specific versions of Mozilla Firefox Mobile up to 10.0.3.

What is the nature of the vulnerability in CVE-2012-1142?

CVE-2012-1142 is an out-of-bounds buffer write vulnerability that occurs when FreeType processes certain malformed TrueType font files.

Can CVE-2012-1142 be exploited remotely?

Yes, CVE-2012-1142 can be exploited remotely if an attacker convinces a user to open a crafted TrueType font file.

Vulnerability/
CVE-2012-1142

critical

9.3

CWE

119

6/3/2012

25/4/2012

11/5/2023

CVE-2012-1142: Buffer Overflow

First published: Tue Mar 06 2012(Updated: )

An out-of heap-based buffer write flaw was found in the way FreeType font rendering engine performed computation of advance width values for certain glyph outlines. A remote attacker could provide a specially-crafted TrueType font file, which once opened in an application linked against FreeType would lead to that application crash, or, potentially arbitrary code execution with the privileges of the user running the application. Upstream bug report: [1] <a href="https://savannah.nongnu.org/bugs/?35659">https://savannah.nongnu.org/bugs/?35659</a> Upstream patch: [2] <a href="http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7d35a7dc7cc621538a1f4a63c83ebf223aace0b0">http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7d35a7dc7cc621538a1f4a63c83ebf223aace0b0</a> Acknowledgements: Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
FreeType	<=2.4.8
FreeType	=1.3.1
FreeType	=2.0.0
FreeType	=2.0.1
FreeType	=2.0.2
FreeType	=2.0.3
FreeType	=2.0.4
FreeType	=2.0.5
FreeType	=2.0.6
FreeType	=2.0.7
FreeType	=2.0.8
FreeType	=2.0.9
FreeType	=2.1
FreeType	=2.1.3
FreeType	=2.1.4
FreeType	=2.1.5
FreeType	=2.1.6
FreeType	=2.1.7
FreeType	=2.1.8
FreeType	=2.1.8-rc1
FreeType	=2.1.9
FreeType	=2.1.10
FreeType	=2.2.0
FreeType	=2.2.1
FreeType	=2.3.0
FreeType	=2.3.1
FreeType	=2.3.2
FreeType	=2.3.3
FreeType	=2.3.4
FreeType	=2.3.5
FreeType	=2.3.6
FreeType	=2.3.7
FreeType	=2.3.8
FreeType	=2.3.9
FreeType	=2.3.10
FreeType	=2.3.11
FreeType	=2.3.12
FreeType	=2.4.0
FreeType	=2.4.1
FreeType	=2.4.2
FreeType	=2.4.3
FreeType	=2.4.4
FreeType	=2.4.5
FreeType	=2.4.6
FreeType	=2.4.7
Mozilla Firefox	<=10.0.3
Mozilla Firefox	=1.0
Mozilla Firefox	=4.0
Mozilla Firefox	=4.0-beta1
Mozilla Firefox	=4.0-beta2
Mozilla Firefox	=4.0-beta3
Mozilla Firefox	=4.0-beta4
Mozilla Firefox	=5.0
Mozilla Firefox	=6.0
Mozilla Firefox	=6.0.1
Mozilla Firefox	=6.0.2
Mozilla Firefox	=7.0
Mozilla Firefox	=8.0
Mozilla Firefox	=9.0
Mozilla Firefox	=10.0
Mozilla Firefox	=10.0.1
Mozilla Firefox	=10.0.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-1142?
CVE-2012-1142 is classified with a severity rating that indicates it poses a moderate risk due to the potential for remote exploitation.
How do I fix CVE-2012-1142?
To fix CVE-2012-1142, update the FreeType library to version 2.4.9 or later, as this version addresses the vulnerability.
Who is affected by CVE-2012-1142?
CVE-2012-1142 affects various versions of FreeType prior to 2.4.9, as well as specific versions of Mozilla Firefox Mobile up to 10.0.3.
What is the nature of the vulnerability in CVE-2012-1142?
CVE-2012-1142 is an out-of-bounds buffer write vulnerability that occurs when FreeType processes certain malformed TrueType font files.
Can CVE-2012-1142 be exploited remotely?
Yes, CVE-2012-1142 can be exploited remotely if an attacker convinces a user to open a crafted TrueType font file.

collector/redhat-bugzilla
alias/CVE-2012-1142
agent/type
agent/last-modified-date
agent/first-publish-date
agent/description
agent/severity
agent/weakness
agent/author
agent/references
agent/tags
agent/softwarecombine
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/freetype
canonical/freetype
version/freetype/2.4.8
version/freetype/1.3.1
version/freetype/2.0.0
version/freetype/2.0.1
version/freetype/2.0.2
version/freetype/2.0.3
version/freetype/2.0.4
version/freetype/2.0.5
version/freetype/2.0.6
version/freetype/2.0.7
version/freetype/2.0.8
version/freetype/2.0.9
version/freetype/2.1
version/freetype/2.1.3
version/freetype/2.1.4
version/freetype/2.1.5
version/freetype/2.1.6
version/freetype/2.1.7
version/freetype/2.1.8
version/freetype/2.1.8-rc1
version/freetype/2.1.9
version/freetype/2.1.10
version/freetype/2.2.0
version/freetype/2.2.1
version/freetype/2.3.0
version/freetype/2.3.1
version/freetype/2.3.2
version/freetype/2.3.3
version/freetype/2.3.4
version/freetype/2.3.5
version/freetype/2.3.6
version/freetype/2.3.7
version/freetype/2.3.8
version/freetype/2.3.9
version/freetype/2.3.10
version/freetype/2.3.11
version/freetype/2.3.12
version/freetype/2.4.0
version/freetype/2.4.1
version/freetype/2.4.2
version/freetype/2.4.3
version/freetype/2.4.4
version/freetype/2.4.5
version/freetype/2.4.6
version/freetype/2.4.7
vendor/mozilla
canonical/mozilla firefox
version/mozilla firefox/10.0.3
version/mozilla firefox/1.0
version/mozilla firefox/4.0
version/mozilla firefox/4.0-beta1
version/mozilla firefox/4.0-beta2
version/mozilla firefox/4.0-beta3
version/mozilla firefox/4.0-beta4
version/mozilla firefox/5.0
version/mozilla firefox/6.0
version/mozilla firefox/6.0.1
version/mozilla firefox/6.0.2
version/mozilla firefox/7.0
version/mozilla firefox/8.0
version/mozilla firefox/9.0
version/mozilla firefox/10.0
version/mozilla firefox/10.0.1
version/mozilla firefox/10.0.2