Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in smooth/ftsmooth.c, sfnt/ttcmap.c, and cff/cffload.c. This update corrects the problem.