Abstract
This paper identifies the importance of the safe use of fonts in web and document security. We find multiple attack surfaces that can be exploited by an adversary using malicious fonts. We conduct a comprehensive evaluation of Portable Document Format (PDF) documents collected from the real world to investigate how an attacker can bypass PDF signatures. We further evaluate the potential security threats that an attacker can bring to web-based emails. Our study shows that various security issues may be caused by the inappropriate use of fonts, which have nevertheless been overlooked in past years. As such, guidelines promoting the secure use of fonts could be beneficial in reinforcing the security measures for digital documents and web pages.
Recommended Citation
J. Xiong et al., "The Implications of Insecure Use of Fonts Against PDF Documents and Web Pages," IEEE Transactions on Information Forensics and Security, vol. 20, pp. 8773-8787, Institute of Electrical and Electronics Engineers, Aug 2025.
The definitive version is available at https://doi.org/10.1109/TIFS.2025.3599320
Department(s)
Computer Science
Keywords and Phrases
Font security, glyph-code mismatch, PDF signatures, email spoofing, document integrity
International Standard Serial Number (ISSN)
1556-6013, 1556-6021
Document Type
Article - Journal
Document Version
Citation
File Type
text
Language(s)
English
Rights
© 2025 Institute of Electrical and Electronics Engineers, all rights reserved
Publication Date
18 August, 2025
