PublicDateAtUSN: 2012-12-31
Candidate: CVE-2012-5668
PublicDate: 2013-01-24 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5668
 https://ubuntu.com/security/notices/USN-1686-1
Description:
 FreeType before 2.4.11 allows context-dependent attackers to cause a denial
 of service (NULL pointer dereference and crash) via vectors related to BDF
 fonts and the improper handling of an "allocation error" in the
 bdf_free_font function.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696691
 https://savannah.nongnu.org/bugs/?37905
Priority: medium
Discovered-by: Mateusz Jurczyk
Assigned-to: mdeslaur
CVSS:

Patches_freetype:
 upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a
upstream_freetype: released (2.4.11)
hardy_freetype: released (2.3.5-1ubuntu4.8.04.10)
lucid_freetype: released (2.3.11-1ubuntu2.7)
oneiric_freetype: released (2.4.4-2ubuntu1.3)
precise_freetype: released (2.4.8-1ubuntu2.1)
quantal_freetype: released (2.4.10-0ubuntu1.1)
devel_freetype: released (2.4.10-0ubuntu2)