76 matches found

SUSE Linux
added 2026/01/21 11:4 a.m. | 7 views

Security update for python-FontTools

This update for python-FontTools fixes the following issues: CVE-2025-66034: Fixed arbitrary file write vulnerability that could lead to remote code execution bsc1254366. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zyppe...

CVSS 6.3 | AI score 6.6 | EPSS 0.00496
Exploits 9 | References 4

OSV
added 2026/01/21 11:3 a.m. | 3 views

SUSE-SU-2026:0199-1 Security update for python-FontTools

This update for python-FontTools fixes the following issues: - CVE-2025-66034: Fixed arbitrary file write vulnerability that could lead to remote code execution bsc1254366...

CVSS 9.8 | AI score 6.6 | EPSS 0.00496
Exploits 9 | References 3

OSV
added 2026/01/21 12:0 a.m. | 14 views

OPENSUSE-SU-2026:10076-1 python311-FontTools-4.61.1-1.1 on GA media

These are all security issues fixed in the python311-FontTools-4.61.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8 | AI score 6.1 | EPSS 0.00496
Exploits 9 | References 1

Tenable Nessus
added 2025/12/24 12:0 a.m. | 9 views

TencentOS Server 4: fonttools (TSSA-2025:0963)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0963 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 9.8 | AI score 8.1 | EPSS 0.00496
Exploits 9 | References 2

OpenVAS
added 2025/12/22 12:0 a.m. | 1 views

Fedora: Security Advisory (FEDORA-2025-58e2bb0f1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.8 | EPSS 0.00496
Exploits 9 | References 3

Fedora
added 2025/12/20 1:23 a.m. | 8 views

[SECURITY] Fedora 42 Update: fonttools-4.61.0-1.fc42

fontTools is a library for manipulating fonts, written in Python. The project includes the TTX tool, that can convert TrueType and OpenType fonts to and from an XML text format, which is also called TTX. It supports TrueType, OpenType, AFM and to an extent Type 1 and some Mac-specific formats...

CVSS 9.8 | AI score 7 | EPSS 0.00496
Exploits 9

Tenable Nessus
added 2025/12/20 12:0 a.m. | 5 views

Fedora 42 : fonttools / python-unicodedata2 (2025-58e2bb0f1e)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-58e2bb0f1e advisory. Update to 17.0.0 version 2412270 Update fonttools 4.61.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. No...

CVSS 9.8 | AI score 7.3 | EPSS 0.00496
Exploits 9 | References 2

Veracode
added 2025/12/13 7:24 a.m. | 11 views

Arbitrary File Write

fontTools is vulnerable to an arbitrary file write. The vulnerability is due to improper handling of malicious .designspace files in the fontTools.varLib module, which allows an attacker to achieve remote code execution by writing arbitrary files when processed...

CVSS 9.8 | AI score 7.5 | EPSS 0.00496
Exploits 9 | References 3 | Affected Software 1

Tenable Nessus
added 2025/12/10 12:0 a.m. | 3 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : fontTools vulnerabilities (USN-7917-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7917-1 advisory. It was discovered that the subsetting module of fontTools was vulnerable to an XML External Entity XEE attack. An...

CVSS 9.8 | AI score 8 | EPSS 0.01228
Exploits 10 | References 3

OpenVAS
added 2025/12/10 12:0 a.m. | 10 views

Ubuntu: Security Advisory (USN-7917-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.8 | EPSS 0.01228
Exploits 10 | References 2

Ubuntu
added 2025/12/09 5:8 p.m. | 13 views

USN-7917-1: fontTools vulnerabilities

It was discovered that the subsetting module of fontTools was vulnerable to an XML External Entity XEE attack. An unauthenticated remote attacker could possibly use this issue to include arbitrary files from the file system or make web requests from the host system. This issue only affected Ubunt...

CVSS 9.8 | AI score 6.9 | EPSS 0.01228
Exploits 10

RedhatCVE
added 2025/12/09 2:17 a.m. | 7 views

CVE-2025-66034

This vulnerability in fontTools varLib allows a crafted .designspace file to trigger arbitrary file writes and XML-based content injection during variable-font generation. Because filenames are not sanitized, an attacker can use path traversal to overwrite files anywhere on the filesystem, and...

CVSS 9.8 | AI score 7.1 | EPSS 0.00496
Exploits 9 | References 5

SUSE CVE
added 2025/12/02 12:23 a.m. | 6 views

SUSE CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVSS 6.3 | AI score 7.9 | EPSS 0.00496
Exploits 9 | References 5

Github Security Blog
added 2025/12/01 7:7 p.m. | 44 views

fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib

Summary The fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main code path of fontTools.varLib, used by the fonttools varLib CLI and...

CVSS 9.8 | AI score 8.3 | EPSS 0.00496
Exploits 9 | References 4 | Affected Software 1

OSV
added 2025/12/01 7:7 p.m. | 4 views

GHSA-768J-98CG-P3FV fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib

Summary The fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main code path of fontTools.varLib, used by the fonttools varLib CLI and...

CVSS 6.3 | AI score 7.6 | EPSS 0.00496
Exploits 9 | References 4

Tenable Nessus
added 2025/12/01 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-66034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib...

CVSS 9.8 | AI score 7.7 | EPSS 0.00496
Exploits 9 | References 2

Snyk
added 2025/11/29 1:40 a.m. | 30 views

XML Injection

Overview fonttools is a Tools to manipulate font files Affected versions of this package are vulnerable to XML Injection via the main function in the fontTools/varLib/__init__.py file. An attacker can write files to the filesystem by supplying a specially crafted .designspace file. Remediation Upgrad...

CVSS 9.8 | AI score 7.1 | EPSS 0.00496
Exploits 9 | References 2

NVD
added 2025/11/29 1:16 a.m. | 11 views

CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVSS 9.8 | EPSS 0.00496
Exploits 9 | References 2

OSV
added 2025/11/29 1:16 a.m. | 26 views

DEBIAN-CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVSS 9.8 | AI score 8.4 | EPSS 0.00496
Exploits 9 | References 1

OSV
added 2025/11/29 1:16 a.m. | 5 views

UBUNTU-CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVSS 9.8 | AI score 7.7 | EPSS 0.00496
Exploits 9 | References 5