The bug is triggered by fonts with embedded PNG images reporting a size over 65535. There is an active exploit targeting Chrome but other things that use Freetype and pipe in fonts from the interwebs may be vulnerable as well.
Gory details: https://savannah.nongnu.org/bugs/?59308
Gory details: https://savannah.nongnu.org/bugs/?59308