What is the severity of CVE-2012-1143?

CVE-2012-1143 is classified as a moderate severity vulnerability due to the potential for application crashes when rendering specifically crafted font files.

How do I fix CVE-2012-1143?

To fix CVE-2012-1143, update the FreeType library to version 2.4.9 or later, which addresses the integer divide by zero issue.

What applications are affected by CVE-2012-1143?

Applications linked against affected versions of the FreeType library, such as various graphic and web browsers, can be impacted by CVE-2012-1143.

Can CVE-2012-1143 be exploited remotely?

Yes, an attacker can exploit CVE-2012-1143 remotely by sending a specially crafted font file to the target application.

What does CVE-2012-1143 pertain to in FreeType?

CVE-2012-1143 pertains to an integer divide by zero vulnerability in the FreeType font rendering engine caused by faulty arithmetic computations.

Vulnerability/
CVE-2012-1143

medium

4.3

CWE

369 189

6/3/2012

25/4/2012

11/5/2023

CVE-2012-1143: Divide by Zero

First published: Tue Mar 06 2012(Updated: )

An integer divide by zero was found in the way FreeType font rendering engine performed arithmetic computations for certain fonts. A remote attacker could provide a specially-crafted font file, which once opened in an application linked against FreeType would lead to that application crash. Upstream bug report: [1] <a href="https://savannah.nongnu.org/bugs/?35660">https://savannah.nongnu.org/bugs/?35660</a> Upstream patch: [2] <a href="http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ba67957d5ead443f4b6b31805d6e780d54361ca4">http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ba67957d5ead443f4b6b31805d6e780d54361ca4</a> Acknowledgements: Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
FreeType	<=2.4.8
FreeType	=1.3.1
FreeType	=2.0.0
FreeType	=2.0.1
FreeType	=2.0.2
FreeType	=2.0.3
FreeType	=2.0.4
FreeType	=2.0.5
FreeType	=2.0.6
FreeType	=2.0.7
FreeType	=2.0.8
FreeType	=2.0.9
FreeType	=2.1
FreeType	=2.1.3
FreeType	=2.1.4
FreeType	=2.1.5
FreeType	=2.1.6
FreeType	=2.1.7
FreeType	=2.1.8
FreeType	=2.1.8-rc1
FreeType	=2.1.9
FreeType	=2.1.10
FreeType	=2.2.0
FreeType	=2.2.1
FreeType	=2.3.0
FreeType	=2.3.1
FreeType	=2.3.2
FreeType	=2.3.3
FreeType	=2.3.4
FreeType	=2.3.5
FreeType	=2.3.6
FreeType	=2.3.7
FreeType	=2.3.8
FreeType	=2.3.9
FreeType	=2.3.10
FreeType	=2.3.11
FreeType	=2.3.12
FreeType	=2.4.0
FreeType	=2.4.1
FreeType	=2.4.2
FreeType	=2.4.3
FreeType	=2.4.4
FreeType	=2.4.5
FreeType	=2.4.6
FreeType	=2.4.7
Mozilla Firefox	<=10.0.3
Mozilla Firefox	=1.0
Mozilla Firefox	=4.0
Mozilla Firefox	=4.0-beta1
Mozilla Firefox	=4.0-beta2
Mozilla Firefox	=4.0-beta3
Mozilla Firefox	=4.0-beta4
Mozilla Firefox	=5.0
Mozilla Firefox	=6.0
Mozilla Firefox	=6.0.1
Mozilla Firefox	=6.0.2
Mozilla Firefox	=7.0
Mozilla Firefox	=8.0
Mozilla Firefox	=9.0
Mozilla Firefox	=10.0
Mozilla Firefox	=10.0.1
Mozilla Firefox	=10.0.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-1143?
CVE-2012-1143 is classified as a moderate severity vulnerability due to the potential for application crashes when rendering specifically crafted font files.
How do I fix CVE-2012-1143?
To fix CVE-2012-1143, update the FreeType library to version 2.4.9 or later, which addresses the integer divide by zero issue.
What applications are affected by CVE-2012-1143?
Applications linked against affected versions of the FreeType library, such as various graphic and web browsers, can be impacted by CVE-2012-1143.
Can CVE-2012-1143 be exploited remotely?
Yes, an attacker can exploit CVE-2012-1143 remotely by sending a specially crafted font file to the target application.
What does CVE-2012-1143 pertain to in FreeType?
CVE-2012-1143 pertains to an integer divide by zero vulnerability in the FreeType font rendering engine caused by faulty arithmetic computations.

collector/redhat-bugzilla
alias/CVE-2012-1143
agent/type
agent/first-publish-date
agent/last-modified-date
agent/severity
agent/weakness
agent/author
agent/references
agent/tags
agent/softwarecombine
agent/description
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/freetype
canonical/freetype
version/freetype/2.4.8
version/freetype/1.3.1
version/freetype/2.0.0
version/freetype/2.0.1
version/freetype/2.0.2
version/freetype/2.0.3
version/freetype/2.0.4
version/freetype/2.0.5
version/freetype/2.0.6
version/freetype/2.0.7
version/freetype/2.0.8
version/freetype/2.0.9
version/freetype/2.1
version/freetype/2.1.3
version/freetype/2.1.4
version/freetype/2.1.5
version/freetype/2.1.6
version/freetype/2.1.7
version/freetype/2.1.8
version/freetype/2.1.8-rc1
version/freetype/2.1.9
version/freetype/2.1.10
version/freetype/2.2.0
version/freetype/2.2.1
version/freetype/2.3.0
version/freetype/2.3.1
version/freetype/2.3.2
version/freetype/2.3.3
version/freetype/2.3.4
version/freetype/2.3.5
version/freetype/2.3.6
version/freetype/2.3.7
version/freetype/2.3.8
version/freetype/2.3.9
version/freetype/2.3.10
version/freetype/2.3.11
version/freetype/2.3.12
version/freetype/2.4.0
version/freetype/2.4.1
version/freetype/2.4.2
version/freetype/2.4.3
version/freetype/2.4.4
version/freetype/2.4.5
version/freetype/2.4.6
version/freetype/2.4.7
vendor/mozilla
canonical/mozilla firefox
version/mozilla firefox/10.0.3
version/mozilla firefox/1.0
version/mozilla firefox/4.0
version/mozilla firefox/4.0-beta1
version/mozilla firefox/4.0-beta2
version/mozilla firefox/4.0-beta3
version/mozilla firefox/4.0-beta4
version/mozilla firefox/5.0
version/mozilla firefox/6.0
version/mozilla firefox/6.0.1
version/mozilla firefox/6.0.2
version/mozilla firefox/7.0
version/mozilla firefox/8.0
version/mozilla firefox/9.0
version/mozilla firefox/10.0
version/mozilla firefox/10.0.1
version/mozilla firefox/10.0.2