Microsoft DirectWrite / AFDKO suffers from a heap-based buffer overflow vulnerability in OpenType font handling in readCharset.

MD5 | 2390f6f6b9d3f16e5ec16d348e370a2a

Source