Core Security Technologies Advisory - The Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Mac OS X v10.5.x to view or download a PDF document containing a embedded malicious CFF font.
68f4efdb58f840ab80355a23048b12dea182facc85054b76571b1964d5254a0e