I've found vulnerabilities in fontkit that allow a small crafted TrueType font to crash a Node.js process when accessing a composite glyph's path. Affects v2.0.4 (current npm release). Do you have a private channel: security email or GitHub Security Advisory to share details and PoC files?
I've found vulnerabilities in fontkit that allow a small crafted TrueType font to crash a Node.js process when accessing a composite glyph's path. Affects v2.0.4 (current npm release). Do you have a private channel: security email or GitHub Security Advisory to share details and PoC files?