In FreeType a buffer over-read occured in type1/t1parse.c on function T1_Get_Private_Dict. The fix assures that ‘cur’ in the parser code doesn’t point to the end of the file buffer.
For Debian 7 Wheezy, these problems have been fixed in version 2.4.9-1.1+deb7u8.
We recommend that you upgrade your freetype packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/