Hi Thomas,
Following up on my email. A couple of the table parsers (cmap format-12 and kern format-0) read entry counts from the font file without checking that the declared count fits within the subtable data. A malformed font can trigger out-of-bounds reads.
I have a fix ready and will open a PR shortly.
Best,
Chakshu
Hi Thomas,
Following up on my email. A couple of the table parsers (cmap format-12 and kern format-0) read entry counts from the font file without checking that the declared count fits within the subtable data. A malformed font can trigger out-of-bounds reads.
I have a fix ready and will open a PR shortly.
Best,
Chakshu