Search for vulnerabilities
| Vulnerability ID | VCID-xp11-9392-cuf1 |
| Aliases |
CVE-2012-1138
|
| Summary | Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 9.0 |
| Risk | 4.5 |
| Affected and Fixed Packages | Package Details |
| CWE-122 | Heap-based Buffer Overflow |
| CWE-125 | Out-of-bounds Read |
| Percentile | 0.87203 |
| EPSS Score | 0.03525 |
| Published At | Aug. 15, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T08:10:29.326609+00:00 | Mozilla Importer | Import | https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-21.md | 37.0.0 |