Sergei Glazunov discovered a heap-based buffer overflow vulnerability in
the handling of embedded PNG bitmaps in FreeType. Opening malformed
fonts may result in denial of service or the execution of arbitrary
For the stable distribution (buster), this problem has been fixed in
We recommend that you upgrade your freetype packages.