It was discovered that missing input sanitising in Freetype"s processing of CID-keyed fonts could lead to the execution of arbitrary code.