In the upcoming 0.7.6 release of the Profiler, a great deal of effort has gone into supporting font formats. After SFonts (TrueType and collections), released with 0.7.5, the first font formats I’m going to present are WOFFs and EOTs. Both of these formats are containers for SFonts; they are used to deploy fonts on the web and are therefore usually compressed.
The Web Open Font Format (WOFF) is quite a simple format and certainly the more secure and logical of the two.
Since these fonts are containers for SFonts, the Profiler includes a converter to SFont, which makes it possible to analyze the compressed font.
The same applies to Embedded OpenType (EOT) fonts, a format created by Microsoft.
These fonts are not only deployed on the web but can be found in Office documents as well. Unfortunately, the Profiler doesn’t yet support compressed Embedded OpenType fonts. The compression happens in stages and uses lzcomp, a custom compression algorithm created by Microsoft and based on LZ77. This algorithm has been used as an exploit vector for remote code execution.
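As an added illustration of the WOFF-to-SFont conversion mentioned above (not the Profiler's own code), this Python example unpacks a WOFF 1.0 container and checks every declared size before and after inflating each table. The `MAX_SFNT` cap, the function names and the one-table sample are assumptions constructed for the example; table checksums are copied through, not verified.

```python
import struct
import zlib

WOFF_HDR = struct.Struct(">4sIIHHIHHIIIII")  # 44-byte WOFF 1.0 header
WOFF_DIR = struct.Struct(">4sIIII")  # tag, offset, compLength, origLength, origChecksum
MAX_SFNT = 32 * 1024 * 1024  # assumed policy cap on the unpacked font size

def woff_to_sfnt(data: bytes) -> bytes:
    """Unpack a WOFF 1.0 container into an SFNT, checking every declared size."""
    if len(data) < WOFF_HDR.size:
        raise ValueError("truncated header")
    sig, flavor, length, n, _, total = WOFF_HDR.unpack_from(data)[:6]
    if sig != b"wOFF" or length != len(data) or n == 0 or total > MAX_SFNT:
        raise ValueError("bad signature, length, table count or declared size")
    if WOFF_HDR.size + n * WOFF_DIR.size > len(data):
        raise ValueError("table directory out of bounds")
    tables = []
    for i in range(n):
        entry = WOFF_DIR.unpack_from(data, WOFF_HDR.size + i * WOFF_DIR.size)
        tag, off, comp_len, orig_len, csum = entry
        if off + comp_len > len(data) or comp_len > orig_len or orig_len > total:
            raise ValueError(f"table {tag!r}: inconsistent lengths")
        raw = data[off:off + comp_len]
        if comp_len < orig_len:
            # Stored compressed: inflate at most one byte past the declared
            # size, so an oversized stream is detected without being expanded.
            raw = zlib.decompressobj().decompress(raw, orig_len + 1)
        if len(raw) != orig_len:
            raise ValueError(f"table {tag!r}: size mismatch after inflate")
        tables.append((tag, csum, raw))
    # Rebuild the SFNT offset table and table records (16 bytes each).
    es = n.bit_length() - 1  # entrySelector = floor(log2(n))
    sr = (1 << es) * 16  # searchRange
    out = bytearray(struct.pack(">IHHHH", flavor, n, sr, es, n * 16 - sr))
    body = bytearray()
    for tag, csum, raw in tables:
        out += struct.pack(">4sIII", tag, csum, 12 + 16 * n + len(body), len(raw))
        body += raw + b"\0" * (-len(raw) % 4)  # tables are 4-byte aligned
    return bytes(out + body)

def build_sample_woff(payload: bytes = b"A" * 64, claimed_len: int = 64) -> bytes:
    """Constructed one-table WOFF for demonstration; not a usable font."""
    comp = zlib.compress(payload)
    off = WOFF_HDR.size + WOFF_DIR.size
    hdr = WOFF_HDR.pack(b"wOFF", 0x00010000, off + len(comp), 1, 0,
                        12 + 16 + claimed_len, 1, 0, 0, 0, 0, 0, 0)
    return hdr + WOFF_DIR.pack(b"demo", off, len(comp), claimed_len, 0) + comp
```

A table whose stream inflates beyond its declared `origLength` is rejected after at most one extra byte of output, which is the property that matters when the container comes from an untrusted page or document.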