If the numFonts field in the TTC header is greater than (SIZE_MAX+1) / 4, an integer overflow occurs in filevirus_ttf() when calling CSafeGenFile::SafeLockBuffer.
f677bb58e1b1048a5746cfc026a361e68396925db1aa60baa097504025056cfd
© 2022 Packet Storm. All rights reserved.