Freetype is vulnerable to denial of service (DoS). It lacks the checking to control multiple request streams and continual shuffling of the priority of the streams in T1_Get_Private_Dict
in type1/t1parse.c
, consuming resources causing substantial churn to the priority tree and exceeding the limit.