CVE-2012-5670

CVSS V2 Medium 4.3 CVSS V3 None

Description

The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.

Overview

CVE ID
CVE-2012-5670

Assigner
secalert@redhat.com

Vulnerability Status
Modified

Published Version
2013-01-24T21:55:01

Last Modified Date
2021-01-26T12:43:34

Weakness Enumerations

CWE	URL
CWE-119	http://cwe.mitre.org/data/definitions/119.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:freetype:freetype::::::::	1	OR	2.4.10
cpe:2.3:a:freetype:freetype:1.3.1:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.0.0:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.0.1:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.0.2:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.0.3:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.0.4:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.0.5:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.0.6:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.0.7:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.0.8:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.0.9:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.1:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.1.3:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.1.4:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.1.5:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.1.6:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.1.7:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.1.8:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.1.8:rc1::::::	1	OR
cpe:2.3:a:freetype:freetype:2.1.9:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.1.10:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.2.0:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.2.1:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.3.0:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.3.1:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.3.2:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.3.3:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.3.4:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.3.5:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.3.6:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.3.7:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.3.8:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.3.9:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.3.10:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.3.11:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.3.12:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.4.0:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.4.1:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.4.2:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.4.3:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.4.4:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.4.5:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.4.6:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.4.7:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.4.8:::::::*	1	OR
cpe:2.3:a:freetype:freetype:2.4.9:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector
NETWORK

Access Compatibility
MEDIUM

Authentication
NONE

Confidentiality Impact
NONE

Integrity Impact
NONE

Availability Impact
PARTIAL

Base Score
4.3

Severity
MEDIUM

Exploitability Score
8.6

Impact Score
2.9

References

Reference URL	Reference Tags
http://www.freetype.org/
http://www.securitytracker.com/id?1027921
http://www.ubuntu.com/usn/USN-1686-1
http://secunia.com/advisories/51826	Vendor Advisory
http://secunia.com/advisories/51900	Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2013-01/msg00056.html
http://www.openwall.com/lists/oss-security/2012/12/25/2
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7f2e4f4f553f6836be7683f66226afac3fa979b8
https://savannah.nongnu.org/bugs/?37907
http://lists.opensuse.org/opensuse-updates/2013-01/msg00078.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.520186

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2012-5670
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5670

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 07:26:17				Added to TrackCVE