FreeType is vulnerable to arbitrary code execution. The vulnerability is an integer overflow in the way the FreeType font engine processes font files. If a user loads a carefully crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html
marc.info/?l=oss-security&m=127905701201340&w=2
marc.info/?l=oss-security&m=127909326909362&w=2
secunia.com/advisories/48951
securitytracker.com/id?1024266
support.apple.com/kb/HT4435
www.debian.org/security/2010/dsa-2070
www.mandriva.com/security/advisories?name=MDVSA-2010:137
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2010-0577.html
www.redhat.com/support/errata/RHSA-2010-0578.html
www.ubuntu.com/usn/USN-963-1
access.redhat.com/errata/RHSA-2010:0577
access.redhat.com/errata/RHSA-2010:0578
access.redhat.com/security/cve/CVE-2010-2500
bugzilla.redhat.com/show_bug.cgi?id=613167
savannah.nongnu.org/bugs/?30263