CVE-2012-1142: Buffer Overflow
First published: Tue Mar 06 2012(Updated: )
An out-of heap-based buffer write flaw was found in the way FreeType font rendering engine performed computation of advance width values for certain glyph outlines. A remote attacker could provide a specially-crafted TrueType font file, which once opened in an application linked against FreeType would lead to that application crash, or, potentially arbitrary code execution with the privileges of the user running the application. Upstream bug report: [1] <a href="https://savannah.nongnu.org/bugs/?35659">https://savannah.nongnu.org/bugs/?35659</a> Upstream patch: [2] <a href="http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7d35a7dc7cc621538a1f4a63c83ebf223aace0b0">http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7d35a7dc7cc621538a1f4a63c83ebf223aace0b0</a> Acknowledgements: Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Freetype Freetype | <=2.4.8 | |
| Freetype Freetype | =1.3.1 | |
| Freetype Freetype | =2.0.0 | |
| Freetype Freetype | =2.0.1 | |
| Freetype Freetype | =2.0.2 | |
| Freetype Freetype | =2.0.3 | |
| Freetype Freetype | =2.0.4 | |
| Freetype Freetype | =2.0.5 | |
| Freetype Freetype | =2.0.6 | |
| Freetype Freetype | =2.0.7 | |
| Freetype Freetype | =2.0.8 | |
| Freetype Freetype | =2.0.9 | |
| Freetype Freetype | =2.1 | |
| Freetype Freetype | =2.1.3 | |
| Freetype Freetype | =2.1.4 | |
| Freetype Freetype | =2.1.5 | |
| Freetype Freetype | =2.1.6 | |
| Freetype Freetype | =2.1.7 | |
| Freetype Freetype | =2.1.8 | |
| Freetype Freetype | =2.1.8-rc1 | |
| Freetype Freetype | =2.1.9 | |
| Freetype Freetype | =2.1.10 | |
| Freetype Freetype | =2.2.0 | |
| Freetype Freetype | =2.2.1 | |
| Freetype Freetype | =2.3.0 | |
| Freetype Freetype | =2.3.1 | |
| Freetype Freetype | =2.3.2 | |
| Freetype Freetype | =2.3.3 | |
| Freetype Freetype | =2.3.4 | |
| Freetype Freetype | =2.3.5 | |
| Freetype Freetype | =2.3.6 | |
| Freetype Freetype | =2.3.7 | |
| Freetype Freetype | =2.3.8 | |
| Freetype Freetype | =2.3.9 | |
| Freetype Freetype | =2.3.10 | |
| Freetype Freetype | =2.3.11 | |
| Freetype Freetype | =2.3.12 | |
| Freetype Freetype | =2.4.0 | |
| Freetype Freetype | =2.4.1 | |
| Freetype Freetype | =2.4.2 | |
| Freetype Freetype | =2.4.3 | |
| Freetype Freetype | =2.4.4 | |
| Freetype Freetype | =2.4.5 | |
| Freetype Freetype | =2.4.6 | |
| Freetype Freetype | =2.4.7 | |
| Mozilla Firefox Mobile | <=10.0.3 | |
| Mozilla Firefox Mobile | =1.0 | |
| Mozilla Firefox Mobile | =4.0 | |
| Mozilla Firefox Mobile | =4.0-beta1 | |
| Mozilla Firefox Mobile | =4.0-beta2 | |
| Mozilla Firefox Mobile | =4.0-beta3 | |
| Mozilla Firefox Mobile | =4.0-beta4 | |
| Mozilla Firefox Mobile | =5.0 | |
| Mozilla Firefox Mobile | =6.0 | |
| Mozilla Firefox Mobile | =6.0.1 | |
| Mozilla Firefox Mobile | =6.0.2 | |
| Mozilla Firefox Mobile | =7.0 | |
| Mozilla Firefox Mobile | =8.0 | |
| Mozilla Firefox Mobile | =9.0 | |
| Mozilla Firefox Mobile | =10.0 | |
| Mozilla Firefox Mobile | =10.0.1 | |
| Mozilla Firefox Mobile | =10.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://savannah.nongnu.org/bugs/?35659
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7d35a7dc7cc621538a1f4a63c83ebf223aace0b0
- http://www.openwall.com/lists/oss-security/2012/03/06/16
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=800604#c0
- https://rhn.redhat.com/errata/RHSA-2012-0467.html
- https://bugzilla.redhat.com/show_bug.cgi?id=800604
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html
- http://rhn.redhat.com/errata/RHSA-2012-0467.html
- http://secunia.com/advisories/48300
- http://secunia.com/advisories/48508
- http://secunia.com/advisories/48758
- http://secunia.com/advisories/48797
- http://secunia.com/advisories/48822
- http://secunia.com/advisories/48918
- http://secunia.com/advisories/48951
- http://secunia.com/advisories/48973
- http://security.gentoo.org/glsa/glsa-201204-04.xml
- http://support.apple.com/kb/HT5503
- http://www.debian.org/security/2012/dsa-2428
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:057
- http://www.mozilla.org/security/announce/2012/mfsa2012-21.html
- http://www.securityfocus.com/bid/52318
- http://www.securitytracker.com/id?1026765
- http://www.ubuntu.com/usn/USN-1403-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=733512
- collector/redhat-bugzilla
- alias/CVE-2012-1142
- collector/nvd-index
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- vendor/freetype
- canonical/freetype freetype
- version/freetype freetype/2.4.8
- version/freetype freetype/1.3.1
- version/freetype freetype/2.0.0
- version/freetype freetype/2.0.1
- version/freetype freetype/2.0.2
- version/freetype freetype/2.0.3
- version/freetype freetype/2.0.4
- version/freetype freetype/2.0.5
- version/freetype freetype/2.0.6
- version/freetype freetype/2.0.7
- version/freetype freetype/2.0.8
- version/freetype freetype/2.0.9
- version/freetype freetype/2.1
- version/freetype freetype/2.1.3
- version/freetype freetype/2.1.4
- version/freetype freetype/2.1.5
- version/freetype freetype/2.1.6
- version/freetype freetype/2.1.7
- version/freetype freetype/2.1.8
- version/freetype freetype/2.1.8-rc1
- version/freetype freetype/2.1.9
- version/freetype freetype/2.1.10
- version/freetype freetype/2.2.0
- version/freetype freetype/2.2.1
- version/freetype freetype/2.3.0
- version/freetype freetype/2.3.1
- version/freetype freetype/2.3.2
- version/freetype freetype/2.3.3
- version/freetype freetype/2.3.4
- version/freetype freetype/2.3.5
- version/freetype freetype/2.3.6
- version/freetype freetype/2.3.7
- version/freetype freetype/2.3.8
- version/freetype freetype/2.3.9
- version/freetype freetype/2.3.10
- version/freetype freetype/2.3.11
- version/freetype freetype/2.3.12
- version/freetype freetype/2.4.0
- version/freetype freetype/2.4.1
- version/freetype freetype/2.4.2
- version/freetype freetype/2.4.3
- version/freetype freetype/2.4.4
- version/freetype freetype/2.4.5
- version/freetype freetype/2.4.6
- version/freetype freetype/2.4.7
- vendor/mozilla
- canonical/mozilla firefox mobile
- version/mozilla firefox mobile/10.0.3
- version/mozilla firefox mobile/1.0
- version/mozilla firefox mobile/4.0
- version/mozilla firefox mobile/4.0-beta1
- version/mozilla firefox mobile/4.0-beta2
- version/mozilla firefox mobile/4.0-beta3
- version/mozilla firefox mobile/4.0-beta4
- version/mozilla firefox mobile/5.0
- version/mozilla firefox mobile/6.0
- version/mozilla firefox mobile/6.0.1
- version/mozilla firefox mobile/6.0.2
- version/mozilla firefox mobile/7.0
- version/mozilla firefox mobile/8.0
- version/mozilla firefox mobile/9.0
- version/mozilla firefox mobile/10.0
- version/mozilla firefox mobile/10.0.1
- version/mozilla firefox mobile/10.0.2