Debian Linux Security Advisory 2428-1 - Mateusz Jurczyk from the Google Security Team discovered several vulnerabilities in Freetype's parsing of BDF, Type1 and TrueType fonts, which could result in the execution of arbitrary code if a malformed font file is processed.
886293d86accc3d80d600c63a61781984074e5b2beda499132f372e4ed2dba17