CVE-2010-3814 (retired)

Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in
FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary
code or cause a denial of service (application crash) via a crafted SHZ
bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF
document with a crafted embedded font.
 mdeslaur> dapper doesn't look affected
More Information

Updated: 2019-08-23 08:41:16 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)