CVE-2012-1133 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Affected Products (NVD)

Vendor	Product	Version
freetype	freetype	𝑥 ≤ 2.4.8
freetype	freetype	1.3.1
freetype	freetype	2.0.0
freetype	freetype	2.0.1
freetype	freetype	2.0.2
freetype	freetype	2.0.3
freetype	freetype	2.0.4
freetype	freetype	2.0.5
freetype	freetype	2.0.6
freetype	freetype	2.0.7
freetype	freetype	2.0.8
freetype	freetype	2.0.9
freetype	freetype	2.1
freetype	freetype	2.1.3
freetype	freetype	2.1.4
freetype	freetype	2.1.5
freetype	freetype	2.1.6
freetype	freetype	2.1.7
freetype	freetype	2.1.8
freetype	freetype	2.1.8:rc1
freetype	freetype	2.1.9
freetype	freetype	2.1.10
freetype	freetype	2.2.0
freetype	freetype	2.2.1
freetype	freetype	2.3.0
freetype	freetype	2.3.1
freetype	freetype	2.3.2
freetype	freetype	2.3.3
freetype	freetype	2.3.4
freetype	freetype	2.3.5
freetype	freetype	2.3.6
freetype	freetype	2.3.7
freetype	freetype	2.3.8
freetype	freetype	2.3.9
freetype	freetype	2.3.10
freetype	freetype	2.3.11
freetype	freetype	2.3.12
freetype	freetype	2.4.0
freetype	freetype	2.4.1
freetype	freetype	2.4.2
freetype	freetype	2.4.3
freetype	freetype	2.4.4
freetype	freetype	2.4.5
freetype	freetype	2.4.6
freetype	freetype	2.4.7
mozilla	firefox_mobile	𝑥 ≤ 10.0.3
mozilla	firefox_mobile	1.0
mozilla	firefox_mobile	4.0
mozilla	firefox_mobile	4.0:beta1
mozilla	firefox_mobile	4.0:beta2
mozilla	firefox_mobile	4.0:beta3
mozilla	firefox_mobile	4.0:beta4
mozilla	firefox_mobile	5.0
mozilla	firefox_mobile	6.0
mozilla	firefox_mobile	6.0.1
mozilla	firefox_mobile	6.0.2
mozilla	firefox_mobile	7.0
mozilla	firefox_mobile	8.0
mozilla	firefox_mobile	9.0
mozilla	firefox_mobile	10.0
mozilla	firefox_mobile	10.0.1
mozilla	firefox_mobile	10.0.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

freetype

bookworm	2.12.1+dfsg-5+deb12u3 fixed
bullseye	2.10.4+dfsg-1+deb11u1 fixed
sid	2.13.3+dfsg-1 fixed
trixie	2.13.3+dfsg-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

freetype

hardy	Fixed 2.3.5-1ubuntu4.8.04.9 released
lucid	Fixed 2.3.11-1ubuntu2.6 released
maverick	Fixed 2.4.2-2ubuntu0.4 released
natty	Fixed 2.4.4-1ubuntu2.3 released
oneiric	Fixed 2.4.4-2ubuntu1.2 released

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html

http://secunia.com/advisories/48300

http://secunia.com/advisories/48508

http://secunia.com/advisories/48797

http://secunia.com/advisories/48822

http://secunia.com/advisories/48918

http://secunia.com/advisories/48951

http://secunia.com/advisories/48973

http://security.gentoo.org/glsa/glsa-201204-04.xml

http://support.apple.com/kb/HT5503

http://www.debian.org/security/2012/dsa-2428

http://www.mandriva.com/security/advisories?name=MDVSA-2012:057

http://www.mozilla.org/security/announce/2012/mfsa2012-21.html

http://www.openwall.com/lists/oss-security/2012/03/06/16

http://www.securityfocus.com/bid/52318

http://www.securitytracker.com/id?1026765

http://www.ubuntu.com/usn/USN-1403-1

https://bugzilla.mozilla.org/show_bug.cgi?id=733512

https://bugzilla.redhat.com/show_bug.cgi?id=800591

http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html

http://secunia.com/advisories/48300

http://secunia.com/advisories/48508

http://secunia.com/advisories/48797

http://secunia.com/advisories/48822

http://secunia.com/advisories/48918

http://secunia.com/advisories/48951

http://secunia.com/advisories/48973

http://security.gentoo.org/glsa/glsa-201204-04.xml

http://support.apple.com/kb/HT5503

http://www.debian.org/security/2012/dsa-2428

http://www.mandriva.com/security/advisories?name=MDVSA-2012:057

http://www.mozilla.org/security/announce/2012/mfsa2012-21.html

http://www.openwall.com/lists/oss-security/2012/03/06/16

http://www.securityfocus.com/bid/52318

http://www.securitytracker.com/id?1026765

http://www.ubuntu.com/usn/USN-1403-1

https://bugzilla.mozilla.org/show_bug.cgi?id=733512

https://bugzilla.redhat.com/show_bug.cgi?id=800591