The Announcement

On Monday, Meta announced a flaw in FreeType versions 2.13.0 and below that can allow remote code execution. From the announcement:

An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocat...
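
The conversion pattern the announcement describes, shown next to a checked version, as an added example that is not FreeType's code and not part of the original post. The constant `EXTRA_SLOTS`, the element size `SLOT_SIZE` and both function names are assumptions chosen for illustration; the page does not give the real values.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration; the page does not give the real ones. */
#define EXTRA_SLOTS 4UL            /* the "static value" added to the count */
#define SLOT_SIZE   sizeof(long)   /* hypothetical element size */

/* Pattern described in the announcement: a signed short is widened to
 * unsigned long, then a constant is added. A negative input sign-extends
 * to a value near ULONG_MAX; for inputs in [-EXTRA_SLOTS, -1] the
 * addition then wraps around to a small number. */
unsigned long unsafe_slot_count(short n_from_file)
{
    unsigned long count = n_from_file;   /* implicit conversion: -1 -> ULONG_MAX */
    return count + EXTRA_SLOTS;          /* wraps modulo ULONG_MAX + 1 */
}

/* Hardened form: validate while the value is still signed, then check
 * that count * SLOT_SIZE fits in size_t before anything is allocated.
 * Returns 0 and stores the byte size on success, -1 on rejection. */
int checked_alloc_size(short n_from_file, size_t *bytes_out)
{
    if (n_from_file < 0)
        return -1;                       /* a negative count is malformed input */

    /* Cannot wrap: at most SHRT_MAX + EXTRA_SLOTS. */
    unsigned long count = (unsigned long)n_from_file + EXTRA_SLOTS;
    if (count > SIZE_MAX / SLOT_SIZE)
        return -1;
    *bytes_out = (size_t)count * SLOT_SIZE;
    return 0;
}

int main(void)
{
    short samples[] = { 10, 0, -1, -4, SHRT_MIN };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t bytes = 0;
        int rc = checked_alloc_size(samples[i], &bytes);
        printf("n=%6d unsafe_count=%lu checked=%s bytes=%zu\n", samples[i],
               unsafe_slot_count(samples[i]), rc == 0 ? "ok" : "rejected", bytes);
    }
    return 0;
}
```

With these assumed constants, an input of -1 gives an unchecked count of 3 rather than an error, which is why the check has to happen before the value leaves its signed type.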