>>fugled+(OP)
Can someone explain why HarfBuzz isn't a potentially serious security vulnerability? Couldn't someone create a .ttf file that looks like one of the standard .ttf files but includes similar capability to this llama.ttf to execute arbitrary code?