Multiple vulnerabilities were discovered and corrected in freetype2: An error within the "Ins_SHZ" function in src/truetype/ttinterp.c when handling the "SHZ" bytecode instruction can be exploited to cause a crash and potentially execute arbitrary code via a specially crafted font . An error exists in the "ft_var_readpackedpoints" function in src/truetype/ttgxvar.c when processing TrueType GX fonts and can be exploited to cause a heap-based buffer overflow via a specially crafted font . Packages for 2009.0 are provided as of the Extended Maintenance Program