Memory corruption on EOT (Embedded Open Type) font parsing, privilege escalation, DoS.
vulners.com/securityvulns/securityvulns:doc:22768