Common Vulnerabilities and Exposures assigned an identifier CVE-2012-4190 to the following vulnerability:

Name: CVE-2012-4190
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4190
Assigned: 20120808
Reference: http://www.mozilla.org/security/announce/2012/mfsa2012-88.html
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=790139

The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

NOTE: the upstream bug is still private, so no further details are currently available as to whether or not this affects FreeType (or if it just affects the Firefox on Android usage and/or implementation of FreeType).
I read the upstream bug in full. It doesn't affect FreeType, or any other code we're interested in.
Hi Behdad, Agreed, thanks for looking into this though :)
Statement: Not Vulnerable. This issue does not affect the version of freetype as shipped with Red Hat Enterprise Linux 5 and 6.
This issue does not affect the version of freetype as shipped with Fedora 16 and 17.