9.3
CVE-2012-1137
- EPSS 3.81%
- Veröffentlicht 25.04.2012 10:10:18
- Zuletzt bearbeitet 16.06.2026 23:39:06
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Firefox Mobile Version <= 10.0.3
Mozilla ≫ Firefox Mobile Version1.0
Mozilla ≫ Firefox Mobile Version4.0
Mozilla ≫ Firefox Mobile Version4.0 Updatebeta1
Mozilla ≫ Firefox Mobile Version4.0 Updatebeta2
Mozilla ≫ Firefox Mobile Version4.0 Updatebeta3
Mozilla ≫ Firefox Mobile Version4.0 Updatebeta4
Mozilla ≫ Firefox Mobile Version5.0
Mozilla ≫ Firefox Mobile Version6.0
Mozilla ≫ Firefox Mobile Version6.0.1
Mozilla ≫ Firefox Mobile Version6.0.2
Mozilla ≫ Firefox Mobile Version7.0
Mozilla ≫ Firefox Mobile Version8.0
Mozilla ≫ Firefox Mobile Version9.0
Mozilla ≫ Firefox Mobile Version10.0
Mozilla ≫ Firefox Mobile Version10.0.1
Mozilla ≫ Firefox Mobile Version10.0.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.81% | 0.887 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://secunia.com/advisories/48951
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
http://support.apple.com/kb/HT5503
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html
http://rhn.redhat.com/errata/RHSA-2012-0467.html
http://secunia.com/advisories/48508
http://secunia.com/advisories/48758
http://secunia.com/advisories/48797
http://secunia.com/advisories/48822
http://secunia.com/advisories/48973
http://security.gentoo.org/glsa/glsa-201204-04.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2012:057
http://www.mozilla.org/security/announce/2012/mfsa2012-21.html
http://www.openwall.com/lists/oss-security/2012/03/06/16
http://www.securityfocus.com/bid/52318
http://www.securitytracker.com/id?1026765
http://www.ubuntu.com/usn/USN-1403-1
https://bugzilla.mozilla.org/show_bug.cgi?id=733512
https://bugzilla.redhat.com/show_bug.cgi?id=800595