Mandriva Linux Security Advisory 2015-089 - Updated freetype2 packages fix multiple security vulnerabilities.
d9af0018e0e96e3e988540710f546c85f77672c5edfba6bb08db2d042cb23ace
Debian Linux Security Advisory 3188-1 - Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code.
a20668f8db8083d4e55f9d72e09394b68908dfd1bbf6c65d7ed199563219642d
Gentoo Linux Security Advisory 201503-5 - Multiple vulnerabilities have been found in FreeType, possibly resulting in Denial of Service. Versions less than 2.5.5 are affected.
18c20fc5dea96db94329999ec37cf2a66601bd49860954c458cb8846091c88e5
Mandriva Linux Security Advisory 2015-055 - The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font. The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted TrueType font. The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted TrueType font. Various other issues have also been addressed.
ea5afe2e065748087b3505058fe600ae5ebe2dc2de3a8f9bd97dc15a6efff7e7
Ubuntu Security Notice 2510-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
004b239ee393759fc7cb311874d2950a7c617c30b47ea5eaf837e1aa8242e9ec