PT-2013-1184 · Freetype+3 · Freetype-Debuginfo+4

J00Ru +1 · Published 2013-01-24 · Updated 2024-06-15 · CVE-2012-5669

CVSS v2.0: 4.3 Medium

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

FreeType versions prior to 2.4.11
freetype-debuginfo version 2.2.1

Description

The issue allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read. The vulnerability can be exploited remotely, potentially leading to a disruption of protected information.

Recommendations

For FreeType versions prior to 2.4.11, update to version 2.4.11 or later to resolve the issue. For freetype-debuginfo version 2.2.1, consider upgrading to a newer version of freetype-debuginfo that is based on a patched version of FreeType, such as version 2.4.11 or later. As a temporary workaround, consider restricting access to BDF fonts until a patch is available.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-06996
BDU:2015-08926
BDU:2015-09722
CESA-2013_0216
CVE-2012-5669
OPENSUSE-SU-2024:10172-1
OPENSUSE-SU-2024:10438-1
RHSA-2013:0216
RHSA-2013_0216

Affected Products

Centos
Freetype
Red Hat
Suse
Freetype-Debuginfo