📄 FreeType Font Rendering Overflow Test Harness / Crash Detection

Description

This C program is a testing harness built around the FreeType font rendering library to detect potential memory corruption issues such as heap buffer overflows when loading malicious or malformed TrueType font files...

Visit Original Source

Basic Information

ID PACKETSTORM:223392

Published Jun 15, 2026 at 00:00

Affected Product

Affected Versions ==================================================================================================================================
| # Title : FreeType Font Rendering Overflow Test Harness Crash Detection |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://freetype.org/ |
==================================================================================================================================

[+] Summary : This C program is a testing harness built around the FreeType font rendering library to detect potential memory corruption issues
(such as heap buffer overflows) when loading malicious or malformed TrueType font files.

[+] POC :

#include <ft2build.h>
#include FT_FREETYPE_H
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <setjmp.h>

jmp_buf crash_jmp;

void sigsegv_handler(int sig) {
longjmp(crash_jmp, 1);
}

int main(int argc, char** argv) {
FT_Library library;
FT_Face face;
int overflow_detected = 0;

if (argc < 2) {
printf("Usage: %s malicious.ttf [glyph_index]\n", argv[0]);
return 1;
}

signal(SIGSEGV, sigsegv_handler);

if (setjmp(crash_jmp) == 0) {
FT_Init_FreeType(&library);
FT_Property_Set(library, "truetype", "interpreter-version", 35);

if (FT_New_Face(library, argv[1], 0, &face)) {
printf("Failed to load font\n");
return 1;
}

int glyph_index = (argc > 2) ? atoi(argv[2]) : 2;
printf("[*] Loading glyph %d...\n", glyph_index);

int error = FT_Load_Glyph(face, glyph_index,
FT_LOAD_NO_SCALE | FT_LOAD_NO_HINTING);

if (!error) {
printf("[!] Glyph loaded without crash (patch might be applied)\n");
} else {
printf("[!] Error loading glyph: %d\n", error);
}

FT_Done_Face(face);
FT_Done_FreeType(library);
} else {
printf("[+] CRASH DETECTED: Heap buffer overflow occurred!\n");
overflow_detected = 1;
}

return overflow_detected ? 0 : 1;
}

Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================

{
    "lastseen": "2026-06-15T16:48:11",
    "description": "This C program is a testing harness built around the FreeType font rendering library to detect potential memory corruption issues such as heap buffer overflows when loading malicious or malformed TrueType font files...",
    "published": "2026-06-15T00:00:00",
    "modified": "2026-06-15T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 FreeType Font Rendering Overflow Test Harness / Crash Detection",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:223392",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "==================================================================================================================================\n    | # Title     : FreeType Font Rendering Overflow Test Harness Crash Detection                                                    |\n    | # Author    : indoushka                                                                                                        |\n    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                 |\n    | # Vendor    : https://freetype.org/                                                                                            |\n    ==================================================================================================================================\n    \n    [+] Summary    : This C program is a testing harness built around the FreeType font rendering library to detect potential memory corruption issues \n                     (such as heap buffer overflows) when loading malicious or malformed TrueType font files.\n    \n    [+] POC        :  \n    \n    #include <ft2build.h>\n    #include FT_FREETYPE_H\n    #include <stdio.h>\n    #include <stdlib.h>\n    #include <signal.h>\n    #include <setjmp.h>\n    \n    jmp_buf crash_jmp;\n    \n    void sigsegv_handler(int sig) {\n        longjmp(crash_jmp, 1);\n    }\n    \n    int main(int argc, char** argv) {\n        FT_Library library;\n        FT_Face face;\n        int overflow_detected = 0;\n        \n        if (argc < 2) {\n            printf(\"Usage: %s malicious.ttf [glyph_index]\\n\", argv[0]);\n            return 1;\n        }\n        \n        signal(SIGSEGV, sigsegv_handler);\n        \n        if (setjmp(crash_jmp) == 0) {\n            FT_Init_FreeType(&library);\n            FT_Property_Set(library, \"truetype\", \"interpreter-version\", 35);\n            \n            if (FT_New_Face(library, argv[1], 0, &face)) {\n                printf(\"Failed to load font\\n\");\n                return 1;\n            }\n            \n            int glyph_index = (argc > 2) ? atoi(argv[2]) : 2;\n            printf(\"[*] Loading glyph %d...\\n\", glyph_index);\n    \n            int error = FT_Load_Glyph(face, glyph_index, \n                                       FT_LOAD_NO_SCALE | FT_LOAD_NO_HINTING);\n            \n            if (!error) {\n                printf(\"[!] Glyph loaded without crash (patch might be applied)\\n\");\n            } else {\n                printf(\"[!] Error loading glyph: %d\\n\", error);\n            }\n            \n            FT_Done_Face(face);\n            FT_Done_FreeType(library);\n        } else {\n            printf(\"[+] CRASH DETECTED: Heap buffer overflow occurred!\\n\");\n            overflow_detected = 1;\n        }\n        \n        return overflow_detected ? 0 : 1;\n    }\n    \n    \t\n    Greetings to :==============================================================================\n    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|\n    ============================================================================================",
    "sourceHref": "https://packetstorm.news/download/223392",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/223392/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

📄 FreeType Font Rendering Overflow Test Harness / Crash Detection_PACKETSTORM:223392

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply