9.3

CVE-2012-1139

Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreetypeFreetype Version <= 2.4.8
FreetypeFreetype Version1.3.1
FreetypeFreetype Version2.0.0
FreetypeFreetype Version2.0.1
FreetypeFreetype Version2.0.2
FreetypeFreetype Version2.0.3
FreetypeFreetype Version2.0.4
FreetypeFreetype Version2.0.5
FreetypeFreetype Version2.0.6
FreetypeFreetype Version2.0.7
FreetypeFreetype Version2.0.8
FreetypeFreetype Version2.0.9
FreetypeFreetype Version2.1
FreetypeFreetype Version2.1.3
FreetypeFreetype Version2.1.4
FreetypeFreetype Version2.1.5
FreetypeFreetype Version2.1.6
FreetypeFreetype Version2.1.7
FreetypeFreetype Version2.1.8
FreetypeFreetype Version2.1.8 Updaterc1
FreetypeFreetype Version2.1.9
FreetypeFreetype Version2.1.10
FreetypeFreetype Version2.2.0
FreetypeFreetype Version2.2.1
FreetypeFreetype Version2.3.0
FreetypeFreetype Version2.3.1
FreetypeFreetype Version2.3.2
FreetypeFreetype Version2.3.3
FreetypeFreetype Version2.3.4
FreetypeFreetype Version2.3.5
FreetypeFreetype Version2.3.6
FreetypeFreetype Version2.3.7
FreetypeFreetype Version2.3.8
FreetypeFreetype Version2.3.9
FreetypeFreetype Version2.3.10
FreetypeFreetype Version2.3.11
FreetypeFreetype Version2.3.12
FreetypeFreetype Version2.4.0
FreetypeFreetype Version2.4.1
FreetypeFreetype Version2.4.2
FreetypeFreetype Version2.4.3
FreetypeFreetype Version2.4.4
FreetypeFreetype Version2.4.5
FreetypeFreetype Version2.4.6
FreetypeFreetype Version2.4.7
MozillaFirefox Mobile Version <= 10.0.3
MozillaFirefox Mobile Version1.0
MozillaFirefox Mobile Version4.0
MozillaFirefox Mobile Version4.0 Updatebeta1
MozillaFirefox Mobile Version4.0 Updatebeta2
MozillaFirefox Mobile Version4.0 Updatebeta3
MozillaFirefox Mobile Version4.0 Updatebeta4
MozillaFirefox Mobile Version5.0
MozillaFirefox Mobile Version6.0
MozillaFirefox Mobile Version6.0.1
MozillaFirefox Mobile Version6.0.2
MozillaFirefox Mobile Version7.0
MozillaFirefox Mobile Version8.0
MozillaFirefox Mobile Version9.0
MozillaFirefox Mobile Version10.0
MozillaFirefox Mobile Version10.0.1
MozillaFirefox Mobile Version10.0.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.97% 0.852
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.