Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Well if you just want static vector fonts alone you don’t need anything programmatic; vector images are not inherently code anymore than raster ones. For TrueType I’m pretty sure the VM is only for hinting. OpenType has more flexibility but I haven’t anecdotally seen many vulnerabilities around OpenType. I suspect Type 1 is subject of many vulnerabilities specifically because it’s old code that doesn’t get as much usage.



Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: