Jaecho6053

**Name of the Vulnerable Software and Affected Versions** PDFio versions prior to 1.3.1 **Description** The issue concerns a denial of service (DOS) vulnerability in the TTF parser of the PDFio library. Maliciously crafted TTF files can cause the program to utilize 100% of the memory and enter an infinite loop, potentially leading to a heap-buffer-overflow vulnerability. This occurs due to the `nGroups` value extracted from the file, which, when altered, can cause the program to consume excessive memory and enter an infinite loop. The `read camp` function is specifically affected by this issue. Automated systems, including web servers using this library to convert PDF submissions into plaintext, are vulnerable to DOS attacks if an attacker uploads a malicious TTF file. **Recommendations** For versions prior to 1.3.1, upgrade to release version 1.3.1 to address the issue. As a temporary workaround, consider restricting the upload of TTF files or implementing additional validation checks on `nGroups` values to prevent excessive memory usage and infinite loops. Avoid using the `ttf.h` library until the issue is resolved.