76 matches found
Security update for python-FontTools
This update for python-FontTools fixes the following issues: CVE-2025-66034: Fixed arbitrary file write vulnerability that could lead to remote code execution bsc1254366. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zyppe...
SUSE-SU-2026:0199-1 Security update for python-FontTools
This update for python-FontTools fixes the following issues: - CVE-2025-66034: Fixed arbitrary file write vulnerability that could lead to remote code execution bsc1254366...
OPENSUSE-SU-2026:10076-1 python311-FontTools-4.61.1-1.1 on GA media
These are all security issues fixed in the python311-FontTools-4.61.1-1.1 package on the GA media of openSUSE Tumbleweed...
TencentOS Server 4: fonttools (TSSA-2025:0963)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0963 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Fedora: Security Advisory (FEDORA-2025-58e2bb0f1e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 42 Update: fonttools-4.61.0-1.fc42
fontTools is a library for manipulating fonts, written in Python. The project includes the TTX tool, that can convert TrueType and OpenType fonts to and fr om an XML text format, which is also called TTX. It supports TrueType, OpenType, AFM and to an extent Type 1 and some Mac-specific formats...
Fedora 42 : fonttools / python-unicodedata2 (2025-58e2bb0f1e)
The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-58e2bb0f1e advisory. Update to 17.0.0 version 2412270 Update fonttools 4.61.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. No...
Arbitrary File Write
fontTools is vulnerable to an arbitrary file write. The vulnerability is due to improper handling of malicious .designspace files in the fontTools.varLib module, which allows an attacker to achieve remote code execution by writing arbitrary files when processed...
Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : fontTools vulnerabilities (USN-7917-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7917-1 advisory. It was discovered that the subsetting module of fontTools was vulnerable to an XML External Entity XEE attack. An...
Ubuntu: Security Advisory (USN-7917-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7917-1: fontTools vulnerabilities
It was discovered that the subsetting module of fontTools was vulnerable to an XML External Entity XEE attack. An unauthenticated remote attacker could possibly use this issue to include arbitrary files from the file system or make web requests from the host system. This issue only affected Ubunt...
CVE-2025-66034
This vulnerability in fontTools varLib allows a crafted .designspace file to trigger arbitrary file writes and XML-based content injection during variable-font generation. Because filenames are not sanitized, an attacker can use path traversal to overwrite files anywhere on the filesystem, and...
SUSE CVE-2025-66034
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...
fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
Summary The fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main code path of fontTools.varLib, used by the fonttools varLib CLI and...
GHSA-768J-98CG-P3FV fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
Summary The fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main code path of fontTools.varLib, used by the fonttools varLib CLI and...
Linux Distros Unpatched Vulnerability : CVE-2025-66034
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib...
XML Injection
Overview fonttools is a Tools to manipulate font files Affected versions of this package are vulnerable to XML Injection via the main function in the fontTools/varLib/init.py file. An attacker can write files to the filesystem by supplying a specially crafted .designspace file. Remediation Upgrad...
CVE-2025-66034
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...
DEBIAN-CVE-2025-66034
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...
UBUNTU-CVE-2025-66034
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...