Multiple integer overflows in FreeType before 2.2 allow remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2)
sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and
a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally
identified by CVE-2006-2493.
|