PublicDateAtUSN: 2012-03-07
Candidate: CVE-2012-1144
PublicDate: 2012-04-25 10:10:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144
 https://ubuntu.com/security/notices/USN-1403-1
Description:
 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and
 other products, allows remote attackers to cause a denial of service
 (invalid heap write operation and memory corruption) or possibly execute
 arbitrary code via a crafted TrueType font.
Ubuntu-Description:
Notes:
 tyhicks> Reproducer doesn't trigger on hardy-precise, but code is present
Bugs:
 https://savannah.nongnu.org/bugs/?35689
 https://bugzilla.redhat.com/show_bug.cgi?id=800607
Priority: medium
Discovered-by: Mateusz Jurczyk
Assigned-to: tyhicks
CVSS:

Patches_freetype:
 upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0fc8debeb6c2f6a8a9a2b97332a7c8a0a1bd9e85
upstream_freetype: released (2.4.9)
hardy_freetype: released (2.3.5-1ubuntu4.8.04.9)
lucid_freetype: released (2.3.11-1ubuntu2.6)
maverick_freetype: released (2.4.2-2ubuntu0.4)
natty_freetype: released (2.4.4-1ubuntu2.3)
oneiric_freetype: released (2.4.4-2ubuntu1.2)
devel_freetype: released (2.4.8-1ubuntu1)