FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and
other products, allows remote attackers to cause a denial of service
(invalid heap write operation and memory corruption) or possibly execute
arbitrary code via crafted glyph-outline data in a font.