A security study by Australian graphics division Canva has revealed several new vulnerabilities in fonts, highlighting long-standing security concerns surrounding graphics processing.
Canva, an online graphic design platform, has identified three new types of vulnerabilities in its font processing software. The issues identified include a high-level bug in the FontTools library, as well as vulnerabilities related to the naming and compression of font files. The identified vulnerabilities could lead to unauthorized code execution through the manipulation of font archive files and the handling of untrusted XML.
In the field of graphic design, fonts are an integral part of image processing, but they also pose potential security risks. Security issues related to fonts are not new; Google’s Project Zero drew attention to similar vulnerabilities back in 2015. However, a recent study by Canva found that this area still needs significant attention from developers and security researchers.
A review of Canva’s research highlights the importance of considering fonts as potentially dangerous input and calls for further research in this area to ensure the security of corporate and personal data. The importance of being aware of these risks and developing security measures to address them is critical to protecting against potential cyberattacks.