FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | 11.5.1-11.5.5 |