CVE-2024-42358
PDFio contains a denial-of-service vulnerability in its TTF parser. A crafted TrueType font can trigger an infinite loop in read_camp by manipulating nGroups, causing 100% memory usage and a heap-buffer-overflow. The ttf.h component is implicated; impact is local and leads to DOS if exploited thr...