FreeType is a free, high-quality, portable font engine.
An integer overflow flaw was found in the way the FreeType font engine processed BDF font files. If a user loaded a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code. While it is uncommon for a user to explicitly load a font file, there are several application file formats which contain embedded fonts that are parsed by FreeType. (CVE-2007-1351)
This flaw did not affect the version of FreeType shipped in Red Hat Enterprise Linux 2.1.
Users of FreeType should upgrade to these updated packages, which contain a backported patch to correct this issue.
Red Hat would like to thank iDefense for reporting this issue.