Summary
Mateusz Jurczyk from the Google Security Team discovered several vulnerabilities in FreeType's parsing of BDF, Type1 and TrueType fonts, which could result in the execution of arbitrary code if a malformed font file is processed.
Solution
For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-2.1+squeeze4. The updated packages have been available since yesterday, but the advisory text couldn't be sent earlier.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your freetype packages.
Insight
The FreeType 2 library is a software font engine.
Affected
freetype on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2012-1133, CVE-2012-1134, CVE-2012-1136, CVE-2012-1142, CVE-2012-1144
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C