Adobe Reader suffers from a CoolType unlimited out-of-bounds stack manipulation vulnerability via the BLEND operator.