- Canva, an Australian graphics company has revealed security issues in fonts, including vulnerabilities in FontTools and naming conventions.
- Tools like FontForge and ImageMagick, while helpful, can pose security risks if not used cautiously.
- Canva emphasizes the importance of addressing font security to prevent potential malicious exploits.
According to the famous Australian graphics company Canva, Font security is a big deal. They have recently found some problems with fonts that could cause trouble.
Canva has recently explained that they are always trying to make their software and tools safer. This time, they looked into fonts and found three issues.
The first problem, called CVE-2023-45139, is a serious one. It’s about a library called FontTools, which helps work with fonts.
Canva has discovered that FontTools could use a file that wasn’t safe, which could lead to a password file being accessed.
Then there are two other issues, called CVE-2024-25081 and CVE-2024-25082. These are less serious but still important.
They are about how fonts are named and compressed.
Sometimes, when you work with fonts, you need to be careful about the names and how they’re compressed, or you could open up security problems.
Canva has explained that tools like FontForge and ImageMagick can help with fonts, but they need to be used carefully.
For example, FontForge could be tricked into opening files it shouldn’t, which is a big problem for security.
Fonts are often stored in archive files, which are like bundles that keep fonts together. But when programs like FontForge try to work with these files, they could accidentally open up security issues.
Canva has shown how this could happen by creating a special kind of archive file with a bad name inside.
Canva wants people to understand that fonts can be risky. Even though they seem harmless, they can be used to do bad things if they’re not handled carefully.
This isn’t a new problem. Google talked about it back in 2015, but it’s still important today.
