FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. CREATE(Triage):(User=admin) [CVE-2015-9382|https://nvd.nist.gov/vuln/detail/CVE-2015-9382]