Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-1135

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font.

Published

2012-04-25T10:10:18.370

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application freetype freetype ≤ 2.4.8 Yes
Application freetype freetype 1.3.1 Yes
Application freetype freetype 2.0.0 Yes
Application freetype freetype 2.0.1 Yes
Application freetype freetype 2.0.2 Yes
Application freetype freetype 2.0.3 Yes
Application freetype freetype 2.0.4 Yes
Application freetype freetype 2.0.5 Yes
Application freetype freetype 2.0.6 Yes
Application freetype freetype 2.0.7 Yes
Application freetype freetype 2.0.8 Yes
Application freetype freetype 2.0.9 Yes
Application freetype freetype 2.1 Yes
Application freetype freetype 2.1.3 Yes
Application freetype freetype 2.1.4 Yes
Application freetype freetype 2.1.5 Yes
Application freetype freetype 2.1.6 Yes
Application freetype freetype 2.1.7 Yes
Application freetype freetype 2.1.8 Yes
Application freetype freetype 2.1.8 Yes
Application freetype freetype 2.1.9 Yes
Application freetype freetype 2.1.10 Yes
Application freetype freetype 2.2.0 Yes
Application freetype freetype 2.2.1 Yes
Application freetype freetype 2.3.0 Yes
Application freetype freetype 2.3.1 Yes
Application freetype freetype 2.3.2 Yes
Application freetype freetype 2.3.3 Yes
Application freetype freetype 2.3.4 Yes
Application freetype freetype 2.3.5 Yes
Application freetype freetype 2.3.6 Yes
Application freetype freetype 2.3.7 Yes
Application freetype freetype 2.3.8 Yes
Application freetype freetype 2.3.9 Yes
Application freetype freetype 2.3.10 Yes
Application freetype freetype 2.3.11 Yes
Application freetype freetype 2.3.12 Yes
Application freetype freetype 2.4.0 Yes
Application freetype freetype 2.4.1 Yes
Application freetype freetype 2.4.2 Yes
Application freetype freetype 2.4.3 Yes
Application freetype freetype 2.4.4 Yes
Application freetype freetype 2.4.5 Yes
Application freetype freetype 2.4.6 Yes
Application freetype freetype 2.4.7 Yes
Application mozilla firefox_mobile ≤ 10.0.3 Yes
Application mozilla firefox_mobile 1.0 Yes
Application mozilla firefox_mobile 4.0 Yes
Application mozilla firefox_mobile 4.0 Yes
Application mozilla firefox_mobile 4.0 Yes
Application mozilla firefox_mobile 4.0 Yes
Application mozilla firefox_mobile 4.0 Yes
Application mozilla firefox_mobile 5.0 Yes
Application mozilla firefox_mobile 6.0 Yes
Application mozilla firefox_mobile 6.0.1 Yes
Application mozilla firefox_mobile 6.0.2 Yes
Application mozilla firefox_mobile 7.0 Yes
Application mozilla firefox_mobile 8.0 Yes
Application mozilla firefox_mobile 9.0 Yes
Application mozilla firefox_mobile 10.0 Yes
Application mozilla firefox_mobile 10.0.1 Yes
Application mozilla firefox_mobile 10.0.2 Yes
References