[return to "Llama.ttf: A font which is also an LLM"]
1. electr+4e 2024-06-23 14:19:38
>>fugled+(OP)
While cool, technically… From a security perspective today I learned that TrueType fonts have arbitrary code execution as a ‘feature’ which seems mostly horrific.
2. samwil+xe 2024-06-23 14:25:55
>>electr+4e
Not really, no more so than a random webpage running js/WASM in a sandbox.

The only output from the WASM is to draw to screen. There is no chance of an RCE, or data exfiltration.

3. turnso+lh 2024-06-23 14:52:08
>>samwil+xe
The risk is that you could have the text content say one thing while the visual display says another. There are social engineering and phishing risks.
4. alexvi+sv1 2024-06-24 04:04:30
>>turnso+lh
If you control the font, you control the content as well; I don't see the attack vector.
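
Added example, not part of the thread or any commenter's code: a defender-side check that walks a font's sfnt table directory and reports tables that hold programs rather than data. The `Wasm` tag (read by HarfBuzz's experimental WebAssembly shaper) and the helper names are assumptions not stated in the thread; only bare sfnt files (.ttf/.otf) are handled, and the sample fonts are constructed.

```python
import struct

# Table tags whose contents are programs rather than data.
# fpgm/prep hold TrueType hinting bytecode; "Wasm" is the tag used by
# HarfBuzz's experimental WebAssembly shaper (assumption: not named in the thread).
CODE_TABLES = {b"fpgm": "TrueType font program (hinting bytecode)",
               b"prep": "TrueType control value program (hinting bytecode)",
               b"Wasm": "WebAssembly shaper module"}
WASM_MAGIC = b"\x00asm"  # first four bytes of any WebAssembly binary

def code_tables(font: bytes) -> dict:
    """Return {tag: description} for code-bearing tables in an sfnt font."""
    if len(font) < 12:
        raise ValueError("too short for an sfnt header")
    _version, num_tables = struct.unpack(">IH", font[:6])
    if 12 + 16 * num_tables > len(font):
        raise ValueError("table directory runs past end of file")
    found = {}
    for i in range(num_tables):
        # Each 16-byte record: tag, checksum, offset, length (big-endian).
        tag, _checksum, offset, length = struct.unpack_from(">4sIII", font, 12 + 16 * i)
        if tag not in CODE_TABLES:
            continue
        if offset + length > len(font):
            raise ValueError(f"table {tag!r} runs past end of file")
        desc = CODE_TABLES[tag]
        if tag == b"Wasm" and font[offset:offset + 4] != WASM_MAGIC:
            desc += " (no WebAssembly magic)"
        found[tag.decode("ascii")] = desc
    return found

def build_sample(tables: dict) -> bytes:
    """Constructed sample: minimal sfnt container holding the given tables."""
    header = struct.pack(">IHHHH", 0x00010000, len(tables), 0, 0, 0)
    offset = 12 + 16 * len(tables)
    records, body = b"", b""
    for tag, data in sorted(tables.items()):
        records += struct.pack(">4sIII", tag, 0, offset, len(data))
        padded = data + b"\x00" * (-len(data) % 4)  # tables are 4-byte aligned
        body += padded
        offset += len(padded)
    return header + records + body

if __name__ == "__main__":
    plain = build_sample({b"cmap": b"\x00" * 8, b"glyf": b"\x00" * 8})
    wasm = build_sample({b"cmap": b"\x00" * 8, b"Wasm": WASM_MAGIC + b"\x01\x00\x00\x00"})
    print("plain:", code_tables(plain))
    print("wasm: ", code_tables(wasm))
```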