Wow, that’s NASTY. Kernel-mode access from a simple website font. YIKES!
Wanna bet it is Yet Another Buffer Overflow... the problem is not the font — it is the silly software that is supposed to be able to handle it correctly no matter what it is.
To assume that third party data is always going to be friendly to your application is very foolish!