FreeType is vulnerable to arbitrary code execution. Multiple flaws were found in the way FreeType handled TrueType Font (TTF), Glyph Bitmap Distribution Format (BDF), Windows .fnt and .fon, and PostScript Type 1 fonts. If an application linked against FreeType loaded a specially crafted font file, the application could crash or, potentially, execute arbitrary code with the privileges of the user running the application.
lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html
lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html
rhn.redhat.com/errata/RHSA-2012-0467.html
secunia.com/advisories/48300
secunia.com/advisories/48508
secunia.com/advisories/48758
secunia.com/advisories/48822
secunia.com/advisories/48973
security.gentoo.org/glsa/glsa-201204-04.xml
support.apple.com/kb/HT5503
www.debian.org/security/2012/dsa-2428
www.mandriva.com/security/advisories?name=MDVSA-2012:057
www.mozilla.org/security/announce/2012/mfsa2012-21.html
www.openwall.com/lists/oss-security/2012/03/06/16
www.securityfocus.com/bid/52318
www.securitytracker.com/id?1026765
www.ubuntu.com/usn/USN-1403-1
access.redhat.com/errata/RHSA-2012:0467
access.redhat.com/security/cve/CVE-2012-1144
access.redhat.com/security/updates/classification/#important
bugzilla.mozilla.org/show_bug.cgi?id=733512
bugzilla.redhat.com/show_bug.cgi?id=800607