1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
PublicDateAtUSN: 2012-03-07
Candidate: CVE-2012-1139
PublicDate: 2012-04-25
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139
http://www.ubuntu.com/usn/usn-1403-1
Description:
Array index error in FreeType before 2.4.9, as used in Mozilla Firefox
Mobile before 10.0.4 and other products, allows remote attackers to cause a
denial of service (invalid stack read operation and memory corruption) or
possibly execute arbitrary code via crafted glyph data in a BDF font.
Ubuntu-Description:
Notes:
tyhicks> Reproducer doesn't trigger under valgrind, code is present
Bugs:
https://savannah.nongnu.org/bugs/?35656
https://bugzilla.redhat.com/show_bug.cgi?id=800598
Priority: low
Discovered-by: Mateusz Jurczyk
Assigned-to: tyhicks
Patches_freetype:
upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6ac022dc750d95296a6f731b9594f2e751d997fa
upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=37b5c92f83e5da53707b20c10ef8e0d7a24924d9
upstream_freetype: released (2.4.9)
hardy_freetype: released (2.3.5-1ubuntu4.8.04.9)
lucid_freetype: released (2.3.11-1ubuntu2.6)
maverick_freetype: released (2.4.2-2ubuntu0.4)
natty_freetype: released (2.4.4-1ubuntu2.3)
oneiric_freetype: released (2.4.4-2ubuntu1.2)
devel_freetype: released (2.4.8-1ubuntu1)
|