A vulnerability has been reported in FreeType, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
The vulnerability is caused due to an integer overflow when parsing BDF fonts. This can be exploited to cause a heap-based buffer overflow via a specially crafted BDF font.
The vulnerability is reported in versions prior to 2.3.3.
fonts, please advise.
setting status and CC'ing maintainer.
I think Ryan took freetype2 over.
*** This bug has been marked as a duplicate of bug 172577 ***