FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)

Summary
FreeType is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation may allow attackers to execute arbitrary code in the context of an application that uses the affected library. Failed exploitation attempts will likely result in denial-of-service conditions.
Impact Level: Application
Solution
Upgrade to FreeType version 2.4.2 or later. For updates, refer to http://www.freetype.org/
Insight
Multiple flaws are due to:
- An error in the 'demo' programs.
- A heap-based buffer overflow in the 'Ins_IUP()' function in 'truetype/ttinterp.c' and the 'Mac_Read_POST_Resource()' function in 'base/ftobjs.c'.
- An integer overflow in the 'gray_render_span()' function in 'smooth/ftgrays.c' and an integer underflow in 'glyph' handling.
- A buffer overflow in the 'Mac_Read_POST_Resource()' function in 'base/ftobjs.c'.
- An error in the 'psh_glyph_find_strong_points()' function in 'pshinter/pshalgo.c' when processing malformed font files.
Affected
FreeType versions prior to 2.4.0
References