Reverse Engineering and Exploiting Font Rasterizers - The OpenType Saga

Explore the intricacies of font rasterization security in this 57-minute conference talk presented by Mateusz Jurczy at the 44CON Information Security Conference. Delve into the world of font file formats, with a focus on OpenType, and discover why they are prime targets for attackers. Learn about the complexities of font processing software, its implementation in C/C++, and the challenges posed by aging codebases. Examine the widespread impact of font-related vulnerabilities across browsers, document viewers, and operating systems. Follow the speaker's journey through a detailed security audit of OpenType font handling in popular libraries, applications, and operating systems. Uncover critical vulnerabilities that enable reliable arbitrary code execution, bypassing modern exploit mitigations. Gain insights into the evolution of typography and font security research, including historical context from the 80s and 90s. Understand the process of reverse-engineering proprietary OpenType/CFF implementations, such as Windows kernel ATMFD.DLL module. Analyze root causes and exploitation techniques for vulnerabilities found in Microsoft Windows, Adobe Reader, DirectWrite, FreeType, and other products. Enhance your knowledge of font security and its implications for modern software ecosystems.