Malformed CFF Vulnerability

The Malformed CFF Vulnerability, along with the IOSurface Kernel Exploit, was used in Star/JailbreakMe 2.0. It is a stack overflow in the handling of CFF opcodes. Contrary to popular belief, it is not a vulnerability within the PDF parser, although the malformed font was placed in a PDF for exploitation.
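
To illustrate the bug class in defensive terms, here is an added example (not the original page's code, and not Apple's font parser or its patch): a small reader for CFF Type 2 charstring operands that keeps the operand stack inside the 48-entry limit from the Type 2 spec and rejects a charstring that would push past it, the check whose absence turns malformed opcodes into a stack overflow. The sample charstrings are constructed here for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#define CFF_MAX_OPERANDS 48   /* operand stack limit from the Type 2 charstring spec */

/* Push operands from a Type 2 charstring onto a fixed-size stack until the first
 * operator byte. Returns the operand count, or -1 if the data is truncated
 * mid-operand, pushes past the stack, or ends without an operator. */
int cff_read_operands(const uint8_t *cs, size_t len, int32_t *stack, size_t cap)
{
    size_t pos = 0, n = 0;
    while (pos < len) {
        uint8_t b0 = cs[pos];
        int32_t v;
        if (b0 <= 31 && b0 != 28) return (int)n;   /* operator byte ends the run */
        if (b0 == 28) {                             /* 28: 16-bit signed operand */
            if (pos + 3 > len) return -1;
            v = (int16_t)((cs[pos + 1] << 8) | cs[pos + 2]); pos += 3;
        } else if (b0 <= 246) {                     /* 32..246: one-byte operand */
            v = (int32_t)b0 - 139; pos += 1;
        } else if (b0 <= 250) {                     /* 247..250: two-byte positive */
            if (pos + 2 > len) return -1;
            v = ((int32_t)b0 - 247) * 256 + cs[pos + 1] + 108; pos += 2;
        } else if (b0 <= 254) {                     /* 251..254: two-byte negative */
            if (pos + 2 > len) return -1;
            v = -((int32_t)b0 - 251) * 256 - cs[pos + 1] - 108; pos += 2;
        } else {                                    /* 255: 16.16 fixed, kept as raw bits */
            if (pos + 5 > len) return -1;
            v = (int32_t)(((uint32_t)cs[pos + 1] << 24) | ((uint32_t)cs[pos + 2] << 16) |
                          ((uint32_t)cs[pos + 3] << 8) | cs[pos + 4]); pos += 5;
        }
        if (n >= cap) return -1;   /* bounds check: reject the push instead of overflowing */
        stack[n++] = v;
    }
    return -1;                     /* no terminating operator */
}

/* Constructed samples, not from any real font. SAMPLE_OK encodes 0, 1, 108, -108, 256
 * followed by endchar (14). */
static const uint8_t SAMPLE_OK[] = {139, 140, 247, 0, 251, 0, 28, 0x01, 0x00, 14};
int demo_valid(int32_t out[CFF_MAX_OPERANDS]) {
    return cff_read_operands(SAMPLE_OK, sizeof SAMPLE_OK, out, CFF_MAX_OPERANDS);
}
/* 49 zero operands then endchar: one more than the stack holds, so it is rejected. */
int demo_overflow(void) {
    uint8_t cs[CFF_MAX_OPERANDS + 2]; int32_t st[CFF_MAX_OPERANDS];
    for (size_t i = 0; i < sizeof cs; i++) cs[i] = 139;
    cs[sizeof cs - 1] = 14;
    return cff_read_operands(cs, sizeof cs, st, CFF_MAX_OPERANDS);
}
```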

In 2023, the freemyipod project announced the successful use of this vulnerability to achieve unsigned code execution on the iPod nano (6th and 7th generation) for the first time. A proof-of-concept exploit was released on GitHub as ipod_sun.

Fix
The following patch was used to fix the bug: