製品・ソフトウェアに関する情報

JVN脆弱性詳細

Mozilla Firefox Mobile およびその他の製品で使用される FreeType におけるサービス運用妨害 (DoS) の脆弱性

Title	Mozilla Firefox Mobile およびその他の製品で使用される FreeType におけるサービス運用妨害 (DoS) の脆弱性
Summary	Mozilla Firefox Mobile およびその他の製品で使用される FreeType には、サービス運用妨害 (不正なヒープ読み込み操作およびメモリ破損) 状態となる、または任意のコードを実行される脆弱性が存在します。
Possible impacts	第三者により、BDF フォント内の巧妙に細工されたプロパティデータを介して、サービス運用妨害 (不正なヒープ読み込み操作およびメモリ破損) 状態にされる、または任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 24, 2012, midnight
Registration Date	April 26, 2012, 4:21 p.m.
Last Update	Oct. 3, 2012, 6:05 p.m.

CVSS2.0 : 危険
Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected System

Mozilla Foundation

Mozilla Firefox Mobile 10.0.4 未満

アップル

iOS 6 未満 (iPad 2 以降)

iOS 6 未満 (iPhone 3GS 以降)

iOS 6 未満 (iPod touch 第 4 世代以降)

FreeType Project

FreeType 2.4.9 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-1126	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126
National Vulnerability Database (NVD)
2	CVE-2012-1126	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1126

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT5503	http://support.apple.com/kb/HT5503
Apple セキュリティアップデート
2	HT5503	http://support.apple.com/kb/HT5503?viewlocale=ja_JP
freetype
3	Top Page	http://www.freetype.org/
Gentoo Linux Security Advisory
4	GLSA 201204-04	http://www.gentoo.org/security/en/glsa/glsa-201204-04.xml
Mozilla Foundation Security Advisory
5	MFSA2012-21	http://www.mozilla.org/security/announce/2012/mfsa2012-21.html
Mozilla Foundation セキュリティアドバイザリ
6	MFSA2012-21	http://www.mozilla-japan.org/security/announce/2012/mfsa2012-21.html
opensuse-security-announce
7	SUSE-SU-2012:0483	http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html
8	SUSE-SU-2012:0521	http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html
Red Hat Security Advisory
9	RHSA-2012:0467	http://rhn.redhat.com/errata/RHSA-2012-0467.html
SECURITY BLOG
10	Multiple Denial of Service (DoS) vulnerabilities in FreeType	https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos1

その他

No	Name	URL
JVN
1	JVNVU#624491	http://jvn.jp/cert/JVNVU624491/index.html

Change Log

No	Changed Details	Date of change
0	[2012年04月26日] 掲載 [2012年06月26日] ベンダ情報：オラクル (Multiple Denial of Service (DoS) vulnerabilities in FreeType) を追加 [2012年09月05日] ベンダ情報：Gentoo Linux (GLSA 201204-04) を追加ベンダ情報：openSUSE (SUSE-SU-2012:0521) を追加ベンダ情報：openSUSE (SUSE-SU-2012:0483) を追加ベンダ情報：レッドハット (RHSA-2012:0467) を追加 [2012年10月03日] 影響を受けるシステム：アップル (HT5503) の情報を追加ベンダ情報：アップル (HT5503) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-1126

Summary	FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font.
Publication Date	April 25, 2012, 7:10 p.m.
Registration Date	Jan. 27, 2021, 12:09 p.m.
Last Update	Nov. 21, 2024, 10:36 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:freetype:freetype:2.0.3:::::::*
cpe:2.3:a:freetype:freetype:2.4.0:::::::*
cpe:2.3:a:freetype:freetype:2.4.2:::::::*
cpe:2.3:a:mozilla:firefox_mobile:4.0:beta2::::::
cpe:2.3:a:freetype:freetype:2.3.6:::::::*
cpe:2.3:a:freetype:freetype::::::::		2.4.8
cpe:2.3:a:freetype:freetype:2.1.9:::::::*
cpe:2.3:a:freetype:freetype:2.1.10:::::::*
cpe:2.3:a:freetype:freetype:2.3.4:::::::*
cpe:2.3:a:freetype:freetype:2.0.1:::::::*
cpe:2.3:a:freetype:freetype:2.3.5:::::::*
cpe:2.3:a:mozilla:firefox_mobile:8.0:::::::*
cpe:2.3:a:mozilla:firefox_mobile:10.0.1:::::::*
cpe:2.3:a:mozilla:firefox_mobile:7.0:::::::*
cpe:2.3:a:freetype:freetype:2.1:::::::*
cpe:2.3:a:freetype:freetype:2.1.5:::::::*
cpe:2.3:a:freetype:freetype:2.3.10:::::::*
cpe:2.3:a:mozilla:firefox_mobile:10.0.2:::::::*
cpe:2.3:a:mozilla:firefox_mobile:4.0:beta3::::::
cpe:2.3:a:freetype:freetype:1.3.1:::::::*
cpe:2.3:a:mozilla:firefox_mobile:6.0.2:::::::*
cpe:2.3:a:freetype:freetype:2.4.4:::::::*
cpe:2.3:a:freetype:freetype:2.4.6:::::::*
cpe:2.3:a:freetype:freetype:2.1.8:::::::*
cpe:2.3:a:freetype:freetype:2.2.1:::::::*
cpe:2.3:a:freetype:freetype:2.1.3:::::::*
cpe:2.3:a:mozilla:firefox_mobile:6.0:::::::*
cpe:2.3:a:freetype:freetype:2.3.3:::::::*
cpe:2.3:a:freetype:freetype:2.1.6:::::::*
cpe:2.3:a:mozilla:firefox_mobile:9.0:::::::*
cpe:2.3:a:freetype:freetype:2.3.0:::::::*
cpe:2.3:a:freetype:freetype:2.3.1:::::::*
cpe:2.3:a:freetype:freetype:2.0.5:::::::*
cpe:2.3:a:freetype:freetype:2.4.1:::::::*
cpe:2.3:a:freetype:freetype:2.4.3:::::::*
cpe:2.3:a:freetype:freetype:2.0.7:::::::*
cpe:2.3:a:freetype:freetype:2.0.9:::::::*
cpe:2.3:a:freetype:freetype:2.1.8:rc1::::::
cpe:2.3:a:freetype:freetype:2.3.7:::::::*
cpe:2.3:a:mozilla:firefox_mobile:4.0:beta1::::::
cpe:2.3:a:freetype:freetype:2.0.6:::::::*
cpe:2.3:a:freetype:freetype:2.0.4:::::::*
cpe:2.3:a:mozilla:firefox_mobile:1.0:::::::*
cpe:2.3:a:freetype:freetype:2.3.8:::::::*
cpe:2.3:a:freetype:freetype:2.3.11:::::::*
cpe:2.3:a:mozilla:firefox_mobile:6.0.1:::::::*
cpe:2.3:a:freetype:freetype:2.3.2:::::::*
cpe:2.3:a:mozilla:firefox_mobile:4.0:beta4::::::
cpe:2.3:a:freetype:freetype:2.0.2:::::::*
cpe:2.3:a:freetype:freetype:2.0.8:::::::*
cpe:2.3:a:freetype:freetype:2.3.12:::::::*
cpe:2.3:a:mozilla:firefox_mobile::::::::		10.0.3
cpe:2.3:a:freetype:freetype:2.3.9:::::::*
cpe:2.3:a:mozilla:firefox_mobile:4.0:::::::*
cpe:2.3:a:mozilla:firefox_mobile:10.0:::::::*
cpe:2.3:a:freetype:freetype:2.4.5:::::::*
cpe:2.3:a:mozilla:firefox_mobile:5.0:::::::*
cpe:2.3:a:freetype:freetype:2.1.7:::::::*
cpe:2.3:a:freetype:freetype:2.4.7:::::::*
cpe:2.3:a:freetype:freetype:2.1.4:::::::*
cpe:2.3:a:freetype:freetype:2.0.0:::::::*
cpe:2.3:a:freetype:freetype:2.2.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
2	http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
3	http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html
4	http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html
5	http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html
6	http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html
7	http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html
8	http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html
9	http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html
10	http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html
11	http://rhn.redhat.com/errata/RHSA-2012-0467.html
12	http://rhn.redhat.com/errata/RHSA-2012-0467.html
13	http://secunia.com/advisories/48508
14	http://secunia.com/advisories/48508
15	http://secunia.com/advisories/48758
16	http://secunia.com/advisories/48758
17	http://secunia.com/advisories/48797
18	http://secunia.com/advisories/48797
19	http://secunia.com/advisories/48822
20	http://secunia.com/advisories/48822
21	http://secunia.com/advisories/48918
22	http://secunia.com/advisories/48918
23	http://secunia.com/advisories/48951
24	http://secunia.com/advisories/48951
25	http://secunia.com/advisories/48973
26	http://secunia.com/advisories/48973
27	http://security.gentoo.org/glsa/glsa-201204-04.xml
28	http://security.gentoo.org/glsa/glsa-201204-04.xml
29	http://support.apple.com/kb/HT5503
30	http://support.apple.com/kb/HT5503
31	http://www.mandriva.com/security/advisories?name=MDVSA-2012:057
32	http://www.mandriva.com/security/advisories?name=MDVSA-2012:057
33	http://www.mozilla.org/security/announce/2012/mfsa2012-21.html	Vendor Advisory
34	http://www.mozilla.org/security/announce/2012/mfsa2012-21.html	Vendor Advisory
35	http://www.openwall.com/lists/oss-security/2012/03/06/16
36	http://www.openwall.com/lists/oss-security/2012/03/06/16
37	http://www.securityfocus.com/bid/52318
38	http://www.securityfocus.com/bid/52318
39	http://www.securitytracker.com/id?1026765
40	http://www.securitytracker.com/id?1026765
41	http://www.ubuntu.com/usn/USN-1403-1
42	http://www.ubuntu.com/usn/USN-1403-1
43	https://bugzilla.mozilla.org/show_bug.cgi?id=733512
44	https://bugzilla.mozilla.org/show_bug.cgi?id=733512
45	https://bugzilla.redhat.com/show_bug.cgi?id=800581
46	https://bugzilla.redhat.com/show_bug.cgi?id=800581

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:freetype:freetype:2.0.3:::::::*
cpe:2.3:a:freetype:freetype:2.4.0:::::::*
cpe:2.3:a:freetype:freetype:2.4.2:::::::*
cpe:2.3:a:mozilla:firefox_mobile:4.0:beta2::::::
cpe:2.3:a:freetype:freetype:2.3.6:::::::*
cpe:2.3:a:freetype:freetype::::::::		2.4.8
cpe:2.3:a:freetype:freetype:2.1.9:::::::*
cpe:2.3:a:freetype:freetype:2.1.10:::::::*
cpe:2.3:a:freetype:freetype:2.3.4:::::::*
cpe:2.3:a:freetype:freetype:2.0.1:::::::*
cpe:2.3:a:freetype:freetype:2.3.5:::::::*
cpe:2.3:a:mozilla:firefox_mobile:8.0:::::::*
cpe:2.3:a:mozilla:firefox_mobile:10.0.1:::::::*
cpe:2.3:a:mozilla:firefox_mobile:7.0:::::::*
cpe:2.3:a:freetype:freetype:2.1:::::::*
cpe:2.3:a:freetype:freetype:2.1.5:::::::*
cpe:2.3:a:freetype:freetype:2.3.10:::::::*
cpe:2.3:a:mozilla:firefox_mobile:10.0.2:::::::*
cpe:2.3:a:mozilla:firefox_mobile:4.0:beta3::::::
cpe:2.3:a:freetype:freetype:1.3.1:::::::*
cpe:2.3:a:mozilla:firefox_mobile:6.0.2:::::::*
cpe:2.3:a:freetype:freetype:2.4.4:::::::*
cpe:2.3:a:freetype:freetype:2.4.6:::::::*
cpe:2.3:a:freetype:freetype:2.1.8:::::::*
cpe:2.3:a:freetype:freetype:2.2.1:::::::*
cpe:2.3:a:freetype:freetype:2.1.3:::::::*
cpe:2.3:a:mozilla:firefox_mobile:6.0:::::::*
cpe:2.3:a:freetype:freetype:2.3.3:::::::*
cpe:2.3:a:freetype:freetype:2.1.6:::::::*
cpe:2.3:a:mozilla:firefox_mobile:9.0:::::::*
cpe:2.3:a:freetype:freetype:2.3.0:::::::*
cpe:2.3:a:freetype:freetype:2.3.1:::::::*
cpe:2.3:a:freetype:freetype:2.0.5:::::::*
cpe:2.3:a:freetype:freetype:2.4.1:::::::*
cpe:2.3:a:freetype:freetype:2.4.3:::::::*
cpe:2.3:a:freetype:freetype:2.0.7:::::::*
cpe:2.3:a:freetype:freetype:2.0.9:::::::*
cpe:2.3:a:freetype:freetype:2.1.8:rc1::::::
cpe:2.3:a:freetype:freetype:2.3.7:::::::*
cpe:2.3:a:mozilla:firefox_mobile:4.0:beta1::::::
cpe:2.3:a:freetype:freetype:2.0.6:::::::*
cpe:2.3:a:freetype:freetype:2.0.4:::::::*
cpe:2.3:a:mozilla:firefox_mobile:1.0:::::::*
cpe:2.3:a:freetype:freetype:2.3.8:::::::*
cpe:2.3:a:freetype:freetype:2.3.11:::::::*
cpe:2.3:a:mozilla:firefox_mobile:6.0.1:::::::*
cpe:2.3:a:freetype:freetype:2.3.2:::::::*
cpe:2.3:a:mozilla:firefox_mobile:4.0:beta4::::::
cpe:2.3:a:freetype:freetype:2.0.2:::::::*
cpe:2.3:a:freetype:freetype:2.0.8:::::::*
cpe:2.3:a:freetype:freetype:2.3.12:::::::*
cpe:2.3:a:mozilla:firefox_mobile::::::::		10.0.3
cpe:2.3:a:freetype:freetype:2.3.9:::::::*
cpe:2.3:a:mozilla:firefox_mobile:4.0:::::::*
cpe:2.3:a:mozilla:firefox_mobile:10.0:::::::*
cpe:2.3:a:freetype:freetype:2.4.5:::::::*
cpe:2.3:a:mozilla:firefox_mobile:5.0:::::::*
cpe:2.3:a:freetype:freetype:2.1.7:::::::*
cpe:2.3:a:freetype:freetype:2.4.7:::::::*
cpe:2.3:a:freetype:freetype:2.1.4:::::::*
cpe:2.3:a:freetype:freetype:2.0.0:::::::*
cpe:2.3:a:freetype:freetype:2.2.0:::::::*