can ttf and otf fonts files contains a virus?

greeting

cinnamon environment

i use gimp and inkscape for design. some time find my self need some special fonts (most time they published public for free on diffident platform “not verified”).

1- after download the font file (ttf or otf extension), i go to permission to be sure it not allow exude the file as program.

2- double click on it and find it opens with fonts (new windows with install buttons with click it the font installed).

so my question is there’s chance those kind of files hold virus? if yes did my way to install fonts will let the virus infect the device?
is there’s some way to be sure it not infect the device?

What’s the problem? Run antivirus and check the downloaded files.
:stuck_out_tongue:
Don’t forget, clamav is free. There is no need to download it from “not verified” resources:

https://en.opensuse.org/ClamAV

most of them is free and public shared(do not Owen official source).

many thanks for you

Virus for what? I am not aware of any virus for Linux. There may be one, but as long as it is unknown, no aniti-virus software (clamav or other) can detect it.

notice i install the fonts by download ttf or otf files from public websites
so i try ask if there’s chance that they continue some code that will run when double click them

by virus i mean hidden code that may be activate desktop remote access or some data transfer protocol or something else

I suppose anything is possible as no one here can know exactly what you are doing at your end. Neither the extent of your understanding.

For those of us that have used Linux for years. When we introduce newcomers to Linux, we are comforted in the fact that even if they are inept blundering fools with technology. Whatever they do is unlikely to cause any big problem.

So, it’s unlikely you are going to cause any big problem. However, as I said: Anything is possible

Short answer: Yes font files can carry a virus payload. There have been many documented cases, although all I’ve found have been in the MS Windows world. Which doesn’t necessarily mean there are none in the Linux world…

Interesting reading: Project Zero: A year of Windows kernel font fuzzing #1: the results

Google on font vulnerabilities and you will find many more…

As already suggested, scan with some type of antivirus software; although that does not guarantee a font is virus free, merely that it’s “virus signature” is not recognised by the anti virus software.

For TrueType and OpenType fonts you could adopt a “Do It Yourself” approach such as using “ttx” (part of “python3-FontTools”) to convert the file to xml and then look through the resultant file for anything suspicious.

The safest approach of course is to not download font files from (potentially) untrusted sources :wink:

thanks a lot

many thanks​:heartbeat::green_heart:, your answer help me a lot​:pray:.