Comment by UncleOxidant
7 months ago
Can someone explain why HarfBuzz isn't a potentially serious security vulnerability? Couldn't someone create a .ttf file that looks like one of the standard .ttf files but includes similar capability to this llama.ttf to execute arbitrary code?
https://webassembly.org/docs/security/