CVE-2012-1133

Name of the Vulnerable Software and Affected Versions freetype versions prior to 2.4.9 libfreetype6 versions prior to 2.4.9 libfreetype6-32bit versions prior to 2.4.9 libfreetype6-debuginfo versions prior to 2.4.9 libfreetype6-debuginfo-32bit versions prior to 2.4.9 libfreetype6-debuginfo-x86 versions prior to 2.4.9 libfreetype6-x86 versions prior to 2.4.9 freetype2-devel versions prior to 2.4.9 freetype2-devel-32bit versions prior to 2.4.9 freetype2-debugsource versions prior to 2.4.9 ft2demos versions prior to 2.4.9

Description The issue is related to multiple vulnerabilities in the freetype package, which can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely. According to the information from Mitre, the vulnerability allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.

Recommendations For freetype versions prior to 2.4.9, update to version 2.4.9 or later. For libfreetype6 versions prior to 2.4.9, update to version 2.4.9 or later. For libfreetype6-32bit versions prior to 2.4.9, update to version 2.4.9 or later. For libfreetype6-debuginfo versions prior to 2.4.9, update to version 2.4.9 or later. For libfreetype6-debuginfo-32bit versions prior to 2.4.9, update to version 2.4.9 or later. For libfreetype6-debuginfo-x86 versions prior to 2.4.9, update to version 2.4.9 or later. For libfreetype6-x86 versions prior to 2.4.9, update to version 2.4.9 or later. For freetype2-devel versions prior to 2.4.9, update to version 2.4.9 or later. For freetype2-devel-32bit versions prior to 2.4.9, update to version 2.4.9 or later. For freetype2-debugsource versions prior to 2.4.9, update to version 2.4.9 or later. For ft2demos versions prior to 2.4.9, update to version 2.4.9 or later.