Pretty sure this doesn’t impact us, but just thought I’d throw this out there:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2426
Looks like Microsoft’s AFM library didn’t properly sanitize malicious OpenType font files and suffered from a buffer underflow, allowing for arbitrary code execution.
Ben Root