This post series is about how we used at-scale fuzzing to discover and report a total of 16 vulnerabilities in the handling of TrueType and OpenType fonts in the Windows kernel during the last year. In part #1 here, we present a general overview of the font security area, followed by a high-level explanation of the fuzzing effort we have undertaken, including the overall results and case studies o
A year of Windows kernel font fuzzing #1: the results