MsFontsFuzz: OpenType font format fuzzer for Windows

USAGE:  > MsFontsFuzz.exe [options]
... where the first two arguments are the text name of the font and the path to the .TTF/.OTF font file. The [options] can be:
--test - Just draw font characters and print file information without fuzzing.
--text - String that will be drawn during fuzzing using the specified font. By default, an ASCII character string in the range 20h-7Fh.
--noisy - Print detailed information about each fuzzing iteration.
--fix-crcs - Fix invalid checksums in the specified font file without fuzzing.
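As an added illustration of what fixing font checksums involves (example code written for this page, not part of MsFontsFuzz), the OpenType table checksum algorithm verified and repaired on a constructed minimal sfnt container; that --fix-crcs works the same way is an assumption.

```python
import struct

MAGIC = 0xB1B0AFBA  # the whole-file sum a correct head.checkSumAdjustment must produce

def table_checksum(data: bytes) -> int:
    """Sum of big-endian uint32 words, zero-padded to a 4-byte boundary, modulo 2**32."""
    padded = data + b"\0" * (-len(data) % 4)
    return sum(struct.unpack(">%dI" % (len(padded) // 4), padded)) & 0xFFFFFFFF

def table_directory(font: bytes) -> list:
    """Return [(tag, checksum, offset, length), ...] in directory order from the sfnt offset table."""
    num_tables = struct.unpack(">H", font[4:6])[0]
    return [struct.unpack(">4sIII", font[12 + 16 * i:28 + 16 * i]) for i in range(num_tables)]

def verify_checksums(font: bytes) -> dict:
    """Map each table tag to whether the checksum recorded in the directory matches the table data."""
    ok = {}
    for tag, csum, off, length in table_directory(font):
        data = bytearray(font[off:off + length])
        if tag == b"head":
            data[8:12] = b"\0\0\0\0"  # checkSumAdjustment is excluded from head's own checksum
        ok[tag.decode()] = table_checksum(bytes(data)) == csum
    return ok

def fix_checksums(font: bytes) -> bytes:
    """Recompute every table checksum, then head.checkSumAdjustment (assumed to match --fix-crcs)."""
    out = bytearray(font)
    for i, (tag, _csum, off, length) in enumerate(table_directory(font)):
        if tag == b"head":
            out[off + 8:off + 12] = b"\0\0\0\0"
        struct.pack_into(">I", out, 12 + 16 * i + 4, table_checksum(bytes(out[off:off + length])))
    for tag, _csum, off, _length in table_directory(font):
        if tag == b"head":  # with the field zeroed the file sums to S; storing MAGIC - S makes it sum to MAGIC
            struct.pack_into(">I", out, off + 8, (MAGIC - table_checksum(bytes(out))) & 0xFFFFFFFF)
    return bytes(out)

def constructed_font() -> bytes:
    """Constructed two-table sfnt container with zeroed (invalid) checksums; not a renderable font."""
    tables = [(b"cmap", b"constructed!!"),  # 13 bytes, so padding is exercised
              (b"head", struct.pack(">IIII", 0x00010000, 0x00010000, 0, 0x5F0F3CF5) + b"\0" * 38)]
    offset = 12 + 16 * len(tables)
    directory, body = b"", b""
    for tag, data in tables:
        directory += struct.pack(">4sIII", tag, 0, offset + len(body), len(data))
        body += data + b"\0" * (-len(data) % 4)
    return struct.pack(">IHHHH", 0x00010000, len(tables), 0, 0, 0) + directory + body
```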


See ReleaseBrushScriptStd_Fuzzing.bat – you can run this scenario to start fuzzing with the Brush Script Std Regular font.

This fuzzer helped to find a remote (client-side) DoS 0day vulnerability in the Windows kernel: invalid decoding of the 0x0d byte in a Type 2 Charstring Format glyph sends ATMFD.DLL code into an infinite loop.

PoC code:

Detailed analysis (Russian):

About the Project: By Oleksiuk Dmytro (aka Cr4sh)