High-Logic FontCreator Out-of-Bounds Read Vulnerability
Vulnerability
An out-of-bounds read vulnerability has been identified in High-Logic FontCreator version 15.0.0.3015. It is triggered when a specially crafted font file is opened and can potentially disclose sensitive information. Exploitation requires that the user be tricked into opening the malicious file.
Impact
Exploitation of this vulnerability allows arbitrary memory within the process to be read, which could result in the unintended disclosure of sensitive information.
Reproduction
The vulnerability can be reproduced by opening a crafted font file in High-Logic FontCreator 15.0.0.3015. The file must be designed to exploit the GSUB subtable processing, specifically by manipulating the CoverageFormat2 table to create an out-of-bounds read condition.
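The advisory does not say which CoverageFormat2 field is manipulated, so the following added example (not FontCreator's code and not part of the original advisory) shows the bounds checks a parser needs before trusting a Coverage Format 2 table, using the field layout from the OpenType specification. The function name, the `max_covered` parameter and the sample tables are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Big-endian uint16 read; the caller has already bounds-checked p[0..1]. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Validate a Coverage Format 2 table in buf[0..len). max_covered (assumed
 * parameter) is the size of the array the enclosing subtable indexes with the
 * coverage index. Returns the covered-glyph count, or -1 if malformed. */
long coverage2_validate(const uint8_t *buf, size_t len, size_t max_covered)
{
    if (buf == NULL || len < 4 || be16(buf) != 2)
        return -1;                      /* header missing or wrong format */
    size_t range_count = be16(buf + 2);
    if (range_count > (len - 4) / 6)
        return -1;                      /* rangeRecords[] would run past the buffer */

    size_t covered = 0;
    long prev_end = -1;
    for (size_t i = 0; i < range_count; i++) {
        const uint8_t *r = buf + 4 + i * 6;
        uint16_t start = be16(r), end = be16(r + 2), start_idx = be16(r + 4);
        if (start > end || (long)start <= prev_end)
            return -1;                  /* inverted, unsorted or overlapping range */
        if (start_idx != covered)
            return -1;                  /* startCoverageIndex must continue the count */
        covered += (size_t)(end - start) + 1;
        if (covered > max_covered)
            return -1;                  /* index would exceed the indexed array */
        prev_end = end;
    }
    return (long)covered;
}

/* Constructed sample tables (not taken from any real font). */
const uint8_t cov_ok[]        = {0,2, 0,2, 0,0x10, 0,0x12, 0,0, 0,0x20, 0,0x20, 0,3};
const uint8_t cov_bad_count[] = {0,2, 0,0x40, 0,0x10, 0,0x12, 0,0};
const uint8_t cov_bad_index[] = {0,2, 0,1, 0,0x10, 0,0x12, 1,0};

int main(void)
{
    printf("ok=%ld count=%ld index=%ld\n",
           coverage2_validate(cov_ok, sizeof cov_ok, 4),
           coverage2_validate(cov_bad_count, sizeof cov_bad_count, 4),
           coverage2_validate(cov_bad_index, sizeof cov_bad_index, 4));
    return 0;
}
```

A table that fails any of these checks should cause the subtable to be rejected rather than clamped, since a clamped coverage index still maps glyphs to the wrong entries.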
Remediation
Users are advised to update to the patched version of High-Logic FontCreator, which is available on the official High-Logic website.
