Vulners
Lucene search
📄 FreeType Font Rendering Overflow Test Harness / Crash Detection
==================================================================================================================================
| # Title : FreeType Font Rendering Overflow Test Harness Crash Detection |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://freetype.org/ |
==================================================================================================================================
[+] Summary : This C program is a testing harness built around the FreeType font rendering library to detect potential memory corruption issues
(such as heap buffer overflows) when loading malicious or malformed TrueType font files.
[+] POC :
#include <ft2build.h>
#include FT_FREETYPE_H
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <setjmp.h>
jmp_buf crash_jmp;
void sigsegv_handler(int sig) {
longjmp(crash_jmp, 1);
}
int main(int argc, char** argv) {
FT_Library library;
FT_Face face;
int overflow_detected = 0;
if (argc < 2) {
printf("Usage: %s malicious.ttf [glyph_index]\n", argv[0]);
return 1;
}
signal(SIGSEGV, sigsegv_handler);
if (setjmp(crash_jmp) == 0) {
FT_Init_FreeType(&library);
FT_Property_Set(library, "truetype", "interpreter-version", 35);
if (FT_New_Face(library, argv[1], 0, &face)) {
printf("Failed to load font\n");
return 1;
}
int glyph_index = (argc > 2) ? atoi(argv[2]) : 2;
printf("[*] Loading glyph %d...\n", glyph_index);
int error = FT_Load_Glyph(face, glyph_index,
FT_LOAD_NO_SCALE | FT_LOAD_NO_HINTING);
if (!error) {
printf("[!] Glyph loaded without crash (patch might be applied)\n");
} else {
printf("[!] Error loading glyph: %d\n", error);
}
FT_Done_Face(face);
FT_Done_FreeType(library);
} else {
printf("[+] CRASH DETECTED: Heap buffer overflow occurred!\n");
overflow_detected = 1;
}
return overflow_detected ? 0 : 1;
}
Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 Jun 2026 00:00Current
5.7Medium risk
Vulners AI Score5.7