
Simon Bünzli

#49588 of 53,635
5 Total CVSS
Vulnerabilities · 1
PT-2015-4378
5.0
2014-03-11
Freetype · Freetype · CVE-2014-9745
**Name of the Vulnerable Software and Affected Versions**
FreeType versions prior to 2.5.3

**Description**
The issue allows remote attackers to cause a denial of service, specifically an infinite loop, by providing a "broken number-with-base" in a PostScript stream. This can be demonstrated with input such as '8#garbage'.

**Recommendations**
For versions prior to 2.5.3, update to version 2.5.3 or later to resolve the issue. As a temporary workaround, consider restricting the input to the parse encoding function to prevent the infinite loop.