[morx] Infinite loop for test case MORX-24

foliojs / fontkit

An advanced font engine for Node and the browser

1.47k stars 219 forks source link

Open brawer opened 5 years ago

brawer commented 5 years ago

A malicious font can trick fontkit into an infinite loop. See test case MORX-24.

brawer commented 10 months ago

friendly reminder: this vulnerability is still present in fontkit 2.0.2