zlacker

[return to "Llama.ttf: A font which is also an LLM"]
1. electr+4e[view] [source] 2024-06-23 14:19:38
>>fugled+(OP)
While cool, technically… From a security perspective today I learned that TrueType fonts have arbitrary code execution as a ‘feature’ which seems mostly horrific.
◧◩
2. samwil+xe[view] [source] 2024-06-23 14:25:55
>>electr+4e
Not really, no more so than a random webpage running js/WASM in a sandbox.

The only output from the WASM is to draw to screen. There is no chance of a RCE, or data exfiltration.

◧◩◪
3. kenfer+4t[view] [source] 2024-06-23 16:27:38
>>samwil+xe
Why do you say that? Security exploits involving fonts are extremely common.
[go to top]