zlacker

[return to "Llama.ttf: A font which is also an LLM"]
1. electr+4e[view] [source] 2024-06-23 14:19:38
>>fugled+(OP)
While cool, technically… From a security perspective today I learned that TrueType fonts have arbitrary code execution as a ‘feature’ which seems mostly horrific.
◧◩
2. px43+5k[view] [source] 2024-06-23 15:11:23
>>electr+4e
If you think that's bad, until very recently, Windows used to parse ttf directly in the kernel, meaning that a target could look at a webpage, or read an email, and be executing arbitrary code in ring0.

Last I checked there were about 4-10 TTF bugs discovered and actively exploited per year. I think I heard those stats in 2018 or so. This has been a well known and very commonly exploited attack vector for at least 20 years.

◧◩◪
3. anthk+1W[view] [source] 2024-06-23 20:30:44
>>px43+5k
The same with Wav files.
◧◩◪◨
4. plaguu+Ji2[view] [source] 2024-06-24 13:14:39
>>anthk+1W
how can a wav file do anything? isnt it just raw data essentially?
[go to top]