>> ARCHIVE: 2019-07

Microsoft DirectWrite / AFDKO suffers from a heap-based buffer overflow vulnerability in OpenType font handling in readCharset.

phpFK lite-version suffers from multiple cross site scripting vulnerabilities.

Microsoft DirectWrite / AFDKO suffers from a heap-based buffer overflow vulnerability in OpenType font handling in readEncoding.

Firefox version 67.0.4 suffers from a denial of service vulnerability.

Karenderia CMS version 5.3 suffers from a cross site scripting vulnerability.

An issue has been discovered where the Microsoft Font Subsetting DLL (fontsub.dll) suffers from a heap-based out-of-bounds read vulnerability in MergeFonts.