CVE-2012-1130: freetype: heap buffer over-read in PCF parser pcf_get_properties() (#35603)

Severity: Critical

CVSS Score: 9.3

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font.