FreeType 2.10.4 has been released.
It is available from http://savannah.nongnu.org/download/freetype/ or http://sourceforge.net/projects/freetype/files/ The latter site also holds older versions of the FreeType library. See below for the relevant snippet from the CHANGES file. Enjoy! Werner PS: Downloads from savannah.nongnu.org will redirect to your nearest mirror site. Files on mirrors may be subject to a replication delay of up to 24 hours. In case of problems use http://download-mirror.savannah.gnu.org/releases/ ---------------------------------------------------------------------- http://www.freetype.org FreeType 2 is a software font engine that is designed to be small, efficient, highly customizable, and portable while capable of producing high-quality output (glyph images) of most vector and bitmap font formats. Note that FreeType 2 is a font service and doesn't provide APIs to perform higher-level features, like text layout or graphics processing (e.g., colored text rendering, `hollowing', etc.). However, it greatly simplifies these tasks by providing a simple, easy to use, and uniform interface to access the content of font files. FreeType 2 is released under two open-source licenses: our own BSD-like FreeType License and the GPL. It can thus be used by any kind of projects, be they proprietary or not. ---------------------------------------------------------------------- CHANGES BETWEEN 2.10.3 and 2.10.4 I. IMPORTANT BUG FIXES - A heap buffer overflow has been found in the handling of embedded PNG bitmaps, introduced in FreeType version 2.6. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999 If you use option FT_CONFIG_OPTION_USE_PNG you should upgrade immediately.