FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and
other products, allows remote attackers to cause a denial of service
(invalid heap read operation and memory corruption) or possibly execute
arbitrary code via a crafted header in a BDF font.