Comment 2 for bug 537638

A similar problem affects the SetVF() function in texlive-bin-2007.dfsg.2/build/source/texk/dvipng/vf.c (user-controlled index into an array, potentially leading to arbitrary code execution) and the SetGlyph() function in set.c. The same check is applicable - check that "c" is between 0 and NFNTCHARS. I have also triggered crashes for these cases.