Mandriva Linux Security Advisory 2010-236 - Multiple vulnerabilities were discovered and corrected in freetype2. An error within the "Ins_SHZ()" function in src/truetype/ttinterp.c when handling the "SHZ" bytecode instruction can be exploited to cause a crash and potentially execute arbitrary code via a specially crafted font. An error within the "ft_var_readpackedpoints()" function in src/truetype/ttgxvar.c when processing TrueType GX fonts can be exploited to cause a heap-based buffer overflow via a specially crafted font.
082e3d14d51c0c4429d4ac6085aeee9d68bb604f0f963c33a896c08708daa057