## https://sploitus.com/exploit?id=PACKETSTORM:223392
==================================================================================================================================
    | # Title     : FreeType Font Rendering Overflow Test Harness Crash Detection                                                    |
    | # Author    : indoushka                                                                                                        |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                 |
    | # Vendor    : https://freetype.org/                                                                                            |
    ==================================================================================================================================
    
    [+] Summary    : This C program is a crash-detection harness built around the FreeType font rendering library: it loads a (possibly
                     malformed) TrueType font, requests one glyph, and reports whether the load ends in a SIGSEGV. A segfault is only
                     a coarse signal for memory corruption such as a heap buffer overflow; run the harness under AddressSanitizer
                     (-fsanitize=address) to confirm and classify a finding.
    
    [+] POC        :  
    
    #include <ft2build.h>
    #include FT_FREETYPE_H
    #include FT_MODULE_H   /* FT_Property_Set */
    #include FT_DRIVER_H   /* TT_INTERPRETER_VERSION_35 */
    #include <errno.h>
    #include <limits.h>
    #include <setjmp.h>
    #include <signal.h>
    #include <stdio.h>
    #include <stdlib.h>
    
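    /* Jump target armed by main() before any FreeType call; the SIGSEGV
     * handler unwinds to it so a fault is reported instead of killing the
     * process. */
    jmp_buf crash_jmp;

    /* SIGSEGV handler: abandon the faulting FreeType call and resume in
     * main() with setjmp() returning 1.
     *
     * Calls nothing but longjmp(). NOTE(review): longjmp() out of an
     * asynchronous signal handler is undefined behaviour in ISO C and only
     * conditionally permitted by POSIX; it is tolerable for a one-shot
     * crash oracle, not for production code. sig is accepted for the
     * signal() prototype only. */
    void sigsegv_handler(int sig) {
        (void)sig; /* only SIGSEGV is installed; the number carries no information */
        longjmp(crash_jmp, 1);
    }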
    
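    /* Entry point.
     *
     * argv[1] is the font file to load, argv[2] an optional glyph index
     * (default 2). Returns 0 when the glyph load faulted (SIGSEGV caught),
     * 1 otherwise (usage error, font failed to open, or the load completed
     * with or without a FreeType error) -- i.e. the exit status is inverted
     * relative to normal convention because "crash" is the expected result. */
    int main(int argc, char** argv) {
        FT_Library library = NULL;
        FT_Face face = NULL;
        int overflow_detected = 0;

        if (argc < 2) {
            printf("Usage: %s malicious.ttf [glyph_index]\n", argv[0]);
            return 1;
        }

        /* Parse the optional glyph index before touching FreeType so a bad
         * argument is a usage error rather than being silently turned into
         * glyph 0 (atoi) or a huge FT_UInt (negative value). */
        FT_UInt glyph_index = 2;
        if (argc > 2) {
            char *end = NULL;
            errno = 0;
            unsigned long v = strtoul(argv[2], &end, 10);
            if (end == argv[2] || *end != '\0' || errno == ERANGE ||
                argv[2][0] == '-' || v > UINT_MAX) {
                printf("Invalid glyph index: %s\n", argv[2]);
                return 1;
            }
            glyph_index = (FT_UInt)v;
        }

        /* Crash oracle: any SIGSEGV raised below unwinds to the else branch.
         * NOTE(review): this only catches faults; an overflow that corrupts
         * the heap without faulting is missed. Build with
         * -fsanitize=address to detect and classify it reliably. */
        signal(SIGSEGV, sigsegv_handler);

        if (setjmp(crash_jmp) == 0) {
            if (FT_Init_FreeType(&library)) {
                printf("Failed to initialise FreeType\n");
                return 1;
            }

            /* FT_Property_Set takes a pointer to the value. Passing the bare
             * integer 35 makes the driver dereference address 35, which faults
             * on every font and would be reported as a "crash" (false positive). */
            FT_UInt interpreter_version = TT_INTERPRETER_VERSION_35;
            FT_Property_Set(library, "truetype", "interpreter-version",
                            &interpreter_version);

            if (FT_New_Face(library, argv[1], 0, &face)) {
                printf("Failed to load font\n");
                FT_Done_FreeType(library);
                return 1;
            }

            printf("[*] Loading glyph %u...\n", glyph_index);

            /* NOTE(review): FT_LOAD_NO_SCALE implies FT_LOAD_NO_HINTING, so the
             * TrueType bytecode interpreter configured above is not exercised by
             * this load. If the target bug is in the hinter, drop NO_SCALE and
             * set a size with FT_Set_Char_Size first. */
            FT_Error error = FT_Load_Glyph(face, glyph_index,
                                           FT_LOAD_NO_SCALE | FT_LOAD_NO_HINTING);

            if (!error) {
                printf("[!] Glyph loaded without crash (patch might be applied)\n");
            } else {
                printf("[!] Error loading glyph: %d\n", error);
            }

            FT_Done_Face(face);
            FT_Done_FreeType(library);
        } else {
            /* Reached from sigsegv_handler(). The harness cannot distinguish a
             * heap overflow from a null dereference or a stack fault, so it
             * reports the fault, not a diagnosis. The FreeType objects are
             * deliberately not released: the library state is suspect. */
            printf("[+] CRASH DETECTED: SIGSEGV during glyph load (classify with ASan)\n");
            overflow_detected = 1;
        }

        return overflow_detected ? 0 : 1;
    }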
    
    	
    Greetings to :==============================================================================
    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
    ============================================================================================