The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a broken number-with-base in a Postscript stream, as demonstrated by 8#garbage.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Freetype | Freetype | * | 2.5.2 (including) |