Gentoo Linux Security Advisory 201201-9 - Multiple vulnerabilities have been found in FreeType, allowing remote attackers to possibly execute arbitrary code or cause a Denial of Service. Versions less than 2.4.8 are affected.
c2f545da77d59dcae89071ef5db306706481440c4f480de96b07a59229faf95e
Apple Security Advisory 2011-10-12-3 - OS X Lion has a security update available that addresses findings in Apache, a format string vulnerability in the Application Firewall, an arbitrary code execution vulnerability when viewing a malicious font via ATS, and 60+ other issues.
4d539896720bca2e48b218929a6c10484c83d72ac4b634adbd7f33f680f59ede
Debian Linux Security Advisory 2294-1 - It was discovered that insufficient input sanitization in FreeType's Type 1 parsing code could lead to the execution of arbitrary code.
13c203ba3dcafd8784f69773eb40c1a6bc1e069b6f9b53465db5912f0bfc25ea
Mandriva Linux Security Advisory 2011-120 - Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
c6327c04cc1f8a878340ba858f3e80a09236c75996f3bfb90d9d1f2b2d6c3bef
Ubuntu Security Notice 1173-1 - It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
5bac17a6d756ec96bf4ab033ae33038414812531bb4a71656a50f898c8fc0067
Red Hat Security Advisory 2011-1085-01 - A flaw was found in the way the FreeType font rendering engine processed certain PostScript Type 1 fonts. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The X server must be restarted for this update to take effect.
dbcb59957019948262934a95e6d17915a72a492466ce357bb009560b8031ef27
Apple Security Advisory 2011-07-15-2 - A buffer overflow exists in FreeType's handling of TrueType font files. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. A signedness issue exists in FreeType's handling of Type 1 fonts. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. An invalid type conversion issue exists in the use of IOMobileFrameBuffer queueing primitives, which may allow malicious code running as the user to gain system privileges.
edfe889bbf74860d0bd555d71b0a140df267165c93e7e961078574b86529708e