Can a font contain a virus?

Discuss FontCreator here, please do not post support requests, feature requests, or bug reports!
Post Reply
Pyanepsion
Posts: 13
Joined: Thu Jun 04, 2020 5:33 pm

Can a font contain a virus?

Post by Pyanepsion »

Hello,
We all know that downloading a font can of course lead to the downloading of a virus if it is done from an installer, and on the other hand that some fonts have been created to use loopholes causing a virus to be able to take control of our computer.

Already in 2018 from Microsoft:
CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016

Can a font itself contain a virus in its source?
RickDe
Posts: 19
Joined: Thu Oct 08, 2020 5:32 pm
Location: United States
Contact:

Re: Can a font contain a virus?

Post by RickDe »

So first off a font cannot BE a virus on its own. It is not a program that can be executed by a computer all by itself. It is data like an Image file.

Now that being said, it is possible for a font to BECOME a virus when combined with either a bug or flaw in another program that loads the font file. This is also true for ANY file that is loaded into another program that is executing. A common mistake in the older days was a stack overflow attack where the programmer did not set limits to a loading file and in some cases the loading data can jump into executing code and now the data can become an executing program and if it contains exploits or malicious code its a virus.

A more recent method is that a virus may mask itself as a data file and could mask part of its code as a font file. It could spilt itself into multiple parts and may pretend that part maybe an image and another part might be a font file. I've never actually seen this, but most viruses or malicious intent code try and mask themselves as junk data or common data files.

So these days operating systems protect themselves much better so 99.99% of the time this is something not to be concerned with. I am not.
Post Reply